23542300x800000000000000031776Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:18.893{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=209378FD58852CBF9485D2FFB83795BC,SHA256=DBA7E3F247DACC9B30819F1AF42F0F978D8D4FC6ACB49DA363EE1980E505B969,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.376{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E5B7015AE1E2045BCE55289094E2BFB,SHA256=DBA88713678B785E84A2A8E002601C80CE16B116027D34680CC4097C54178E6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.160{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=11B16D92F360FF8DBB6463B989C9499C,SHA256=4821E28EE09ACC63FEEDA72064390C4747FC97999FFDD204EC8008CBA0024EFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=32E1D7CD54A93C827B225C2E010CF835,SHA256=DC6D087AE4598A98A2DEC25BFCE96018CE53C7996610D881AAE5814C9D627481,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=FC74E6DB6527EADF16A76C3117B58433,SHA256=D1719D1CE960607776A9EFA45AD918670B55B087FC31F963C3301991B8749853,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=A1F375806E5F94786AC01D63669FE518,SHA256=6C1FA56BBD774878379D365BECC88A356BA2FD35AEED6003D23D398E90A29E0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B887A7E94D4385D5EF2190F61234896E,SHA256=BE8F8DC7FC0CAFDBC60AAFBE15984F05F3023F7085662D89053580F11834EF16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E1FF56872FD69D8145853F299BD91C08,SHA256=ADDFF57FE000D14EB33E9BFAFAFE2943DEE54638350A533E9741B73D43C55420,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7C96E76095353630BCE04450C12F9A04,SHA256=1601F45DA83F6D7992B945C7450858F6FF48E0617F1B24AD3784C39BE1DB1E99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5F81D05A0E462D3B71A057FB87C65481,SHA256=24D1132DB17ABDEB23AF2130C903B2278F26C2F22DC59FFBD5CD787CF5823539,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=015175BF0AE0DC9928A73FC9C18EFE65,SHA256=6A0DC09CAB70E27100624F72A61AB82B3592957F5715938FCFA4A29D95FDCA51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7D38FE4A426B89D3F2E9485B51CBD2EC,SHA256=C43AEC6288C65D416C1F1355FFE278A5D41866C1F8C43BC2E4A325E1F68B064B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B643405C2B0B8BD6610DA163B7480572,SHA256=F323F73E559AB0B9304BE800737EDA60EDC2FF901E8BAF63454D6F568EB49398,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031777Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:19.893{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA4D5379ECABD5C61AC61B89E59899C9,SHA256=109EA1119B2CDF3BA89ED9AA32D3D6AEFA09332B5FEC2F0BD0FF907FA319EE2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:19.376{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCBCE2304A3F309E1C188DF9DB0A4D7F,SHA256=888B269C9E519EE60E6151F34DCBE36F1398042852A826AF436FA50D0913658A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031778Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:20.908{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7BBEBDEBF21D7FB49E55834C75922CF,SHA256=4D88F975668813CD50080E7DB759750F7B1D8C040D709EEE03478657F87A7880,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:20.391{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D656CE3D849AAF93F108BCC81C7B64CB,SHA256=37D7A774015C1863CBEEA0095E258E7E12325F766B973EDF8C9A5CAC20FD02A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031779Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:21.924{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=978CEB5BDBF8E0FC84F385BD9ABE9759,SHA256=CC314163E20474D751CB797F39CDA3F4899A386CD2D1A9D712EFEE8F31A53F47,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:21.946{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:21.660{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:21.591{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000071827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:21.407{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EC2A3F483376AFEEA98B41F4244A842,SHA256=873C92EEEB39B15A1A42BC0326EC83E2C59DE2976D3E34E74DAC523324E68299,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031780Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:22.940{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DD3F29CC644DE9EBF337A489F855C95,SHA256=3D859D7F84FCD3E749E92E2011900179A40F5AB061B884A353D5664F8EA6F697,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:22.990{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=AC11FDE6EA005B43532EDC616FD59B3A,SHA256=191A96BE796F1CD703CBF4D428293E7A7F8538069CEE694E6D3696D83A2CCDC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:22.426{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F696CFC7F9E70CE86CE79E10B26930A,SHA256=3994E9FAFA20308E551E3578E1FF5244503D210FC862EFB99F4030E4076D6ACB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:22.375{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031796Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.955{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DA15A1F01B6E67D423A16F2B93FC269,SHA256=13D621DA9BD91E839E5712E5D201D41E9610A6965917BFFAD53CC54C59E35EEB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:23.861{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:23.528{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:23.442{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000071836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:23.442{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DD12CD2FA81FBE09EA8D34A6E5D9DD0,SHA256=7B555AB1B7D3CF473DA544A46D2F54A48BDC1D1F59B2F08C3219D4F011B39A14,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031795Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F13-60EC-1A05-00000000DC01}792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031794Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031793Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031792Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031791Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031790Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031789Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031788Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031787Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031786Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031785Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2F13-60EC-1A05-00000000DC01}792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031784Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F13-60EC-1A05-00000000DC01}792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031783Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.566{50946567-2F13-60EC-1A05-00000000DC01}792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031782Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.361{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=B56470119A3A90506EF556F855A7F787,SHA256=207D389DED0EADDE9461D0D40D119ABCF3DDCD3BC1FAF9BC1D1C392A95EEB4E2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031781Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:20.388{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51546-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000071835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:23.358{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000071834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:21.295{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63275-false10.0.1.12-8000- 23542300x800000000000000031827Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.986{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DBBD611F07E0E95A397A639085616CA,SHA256=E03FA98E937CFF940D726BDA76571532DF9BA5788AFA1FBA72CDF3756017724E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:24.991{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:24.445{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A672DC045C8E80005FCD23CF38E353E3,SHA256=9A95871D249E19954B9CE70AAC2D10EFDCF7BE4CB2E532C54F2946A3612F11CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031826Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.830{50946567-2F14-60EC-1C05-00000000DC01}26003616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031825Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F14-60EC-1C05-00000000DC01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031824Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031823Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031822Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031821Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031820Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031819Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031818Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031817Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031816Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031815Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-2F14-60EC-1C05-00000000DC01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031814Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F14-60EC-1C05-00000000DC01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031813Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.644{50946567-2F14-60EC-1C05-00000000DC01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031812Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.580{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9414F83788BF748BE35C812B101FBCA6,SHA256=D2FA9FDBEBB436735F917B74E4E07D0F9D19926C71D9F67C0CC81C9C770104E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031811Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.580{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6ABC32092F12489342D957DC4CF8D806,SHA256=8652ED217877CFB4BA9BAC485F1163CB7940DA57FA2360F407B0DA3BC9A7A199,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031810Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.377{50946567-2F14-60EC-1B05-00000000DC01}19243296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031809Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F14-60EC-1B05-00000000DC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031808Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031807Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031806Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031805Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031804Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031803Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031802Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031801Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031800Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2F14-60EC-1B05-00000000DC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031799Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031798Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F14-60EC-1B05-00000000DC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031797Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.144{50946567-2F14-60EC-1B05-00000000DC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000071843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:25.475{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E994F90F558C9ABA8D9CE05B215BC33,SHA256=F2C9DB7487A6DA1772EF519B7C126F2EF5E1965B184FC9B969351B8A1D979A41,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031855Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F15-60EC-1E05-00000000DC01}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031854Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031853Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031852Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031851Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031850Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031849Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031848Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031847Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031846Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031845Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-2F15-60EC-1E05-00000000DC01}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031844Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F15-60EC-1E05-00000000DC01}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031843Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-2F15-60EC-1E05-00000000DC01}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031842Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.799{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9414F83788BF748BE35C812B101FBCA6,SHA256=D2FA9FDBEBB436735F917B74E4E07D0F9D19926C71D9F67C0CC81C9C770104E9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031841Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.486{50946567-2F15-60EC-1D05-00000000DC01}14521128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031840Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F15-60EC-1D05-00000000DC01}1452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031839Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031838Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031837Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031836Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031835Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031834Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031833Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031832Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031831Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031830Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-2F15-60EC-1D05-00000000DC01}1452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031829Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F15-60EC-1D05-00000000DC01}1452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031828Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-2F15-60EC-1D05-00000000DC01}1452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000071842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:25.191{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000071844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:26.490{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82AFDB3EAAA4410321683ADADC8877B5,SHA256=6300EF75298CCE757B001CC03F57ECC7F9D1125A99946A08ABF5E56CFD955342,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031857Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:26.971{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B4C580C06BB8ABCBF0765884249C64B3,SHA256=0AE037BCCF65B46DB79EF8B1AEBE503A9A055FE487A9BE5D723886DE4957F279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031856Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:26.143{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=055947FC70504FD243A7959DE12FCAE3,SHA256=D6E0205AAE3DC13B4F3A9A0F42B3A9E6AD0D2A0EE324E287B486263D4E43D19C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:27.505{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE3B45F90B95DB39708EC0D87C350B71,SHA256=C2993185BEC8F27D7F7ED07291C42D88ED909C3B4F675A76AE448CCD583D5582,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031858Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:27.377{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF197E1833292D82E963332B4FA09620,SHA256=EABECE6AE3A4F8239481F4AF291C2D585DBFFC08922130929DC098E1CCDC8F54,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000071845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:25.111{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63276-false10.0.1.12-8089- 23542300x800000000000000071847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:28.523{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF7AEDEC455BD56ED361CDB8A2C7951C,SHA256=5306C30FBC45F4D1C92AEE46BDD261405B8B430CC8A04070A9296DE9D755A03D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031887Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F18-60EC-2005-00000000DC01}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031886Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031885Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031884Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031883Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031882Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031881Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031880Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031879Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031878Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031877Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2F18-60EC-2005-00000000DC01}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031876Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F18-60EC-2005-00000000DC01}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031875Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.909{50946567-2F18-60EC-2005-00000000DC01}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031874Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.408{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=057FE951608A36C299590ED14F201963,SHA256=9C537938BAF6DA41DB8D7CB2F2F4EE77D178A390FC7D4EBB64AB8E381973CDDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031873Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.408{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AC673D5A87783ED315F85F031B06B0B,SHA256=8CBD9FB0BB4AEB651B083269E7DD71D50CB8A057F7489D145F89FACAB46D5DD3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031872Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:26.388{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51547-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000031871Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F18-60EC-1F05-00000000DC01}1812C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031870Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031869Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031868Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031867Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031866Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031865Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031864Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031863Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031862Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031861Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-2F18-60EC-1F05-00000000DC01}1812C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031860Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F18-60EC-1F05-00000000DC01}1812C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031859Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.237{50946567-2F18-60EC-1F05-00000000DC01}1812C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031890Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:29.455{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A68562BA8B2E8CD99D63BD1745FA84B4,SHA256=0CE0C156ECC9955987C0563E676F0AACD370A938E0E8A1F969F7751C0D89EB98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031889Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:29.455{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A1363D31C57EF2570924BFA1D237BE1E,SHA256=102A66ADAFEA62914ACB810349A0FE8BC29444B7E143B8CEE3982EFB150B79B5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:29.541{8057F119-089F-60EC-0B00-00000000DB01}6324048C:\Windows\system32\lsass.exe{8057F119-089C-60EC-0100-00000000DB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x800000000000000071849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:29.541{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F906AE7683AA29CB56DD42CF5DC30FA4,SHA256=1B381607B028F4AEC9D6257F513858AC19D49CF86162A9FD51BD215EE184E76D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000071848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:27.256{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63277-false10.0.1.12-8000- 10341000x800000000000000031888Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:29.096{50946567-2F18-60EC-2005-00000000DC01}15723592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031891Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:30.489{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36904341D151F46AB1BAE7FA124CCB0E,SHA256=BBDB7679AD2CB39201A6D2CC23F7F6697287B377132A44974AB24BF5F607A254,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:30.557{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=03F2086A38203205D12AEAAC04EB1635,SHA256=F607E29763D3B54850F077461CB545A966A84741925C3D6B37BD0F0A4A8E59F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:30.557{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4F9A29B8C469C130E351FD66C5BA8313,SHA256=AC01EBCF1637C252A35DF05D78E641CC0147BC2D4A1A513FCECBFF5F80DE83C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:30.557{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AE4D49AAD2768E36166BCAE550C2E3F,SHA256=6DF21335E29D495DCA674EB1FD0814CAFFD6DC42C8923533B77D1C4232BE2563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.587{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55DB21952243A461926C06B93A19D37B,SHA256=4F2E2904935A0C69C25758554075B1013A864D011AA1FACEC7C56A5BE02A619F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031892Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:31.533{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E5B08DAFD85B9D7AF7B33D3CA41CBDF,SHA256=1175892B1B0F456826FA870A7FD54391C17BD53FA3FC43C1C9E113862A9AA923,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.371{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E54F3FA08479C7D21518F9A45CF3E5BF,SHA256=9EC3DE08B42954B1FC880AA20593B27C107FDD4EE262D3887A42D8AE460BEDDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.371{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B92EC1D5823FA1C731C3DDD7F29D51E6,SHA256=18DBB3CFFA7875FB1BAE9EF00BBAAFB3866639C138C98458188C1F1D5C198656,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.371{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=AB481FA45367F14434B84D725B052DFE,SHA256=7E599A5CA12FC1A5147AABD51CAC9D646BB31CD049D0AAE5D3053D1B13784D24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=F7C9540EE6A691A344AEE0170B258A01,SHA256=8E93375D4AD1E45D17D3024A384FEE8C1751342D325D067282A4E2A5C8980879,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5EEAEE255AD2875B25CF16610A92094A,SHA256=66C7A5A4DFBEFB61734FEBA22226D4BB4EC50BBC738A3334F270886921FEF9DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=42D8F8A7FA4B1914182F02AE356302FB,SHA256=81A6F74C89E3B1751B4C859ED8D56CDDA02FD04F2D324DBF400CB80E129218A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=33826FE6FDAAA27199507B3EC37FCDED,SHA256=14A461306B1053E51B61211CC25BD6F19D6581B3EF8C550AE70249AC1F783AA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=8A1B0AED9235197516637632A12249B4,SHA256=428DFD5AFC34658ED6E896A41F8BB9D56A9654EA0AF585B46BD26731A9A0EB8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=29CA061B84648017E248B89578ABBB10,SHA256=293DE97EEAF9EAB3EF63BD5CAD610A549CDF75AC6B165BC877ED50211CBA3A6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=AAC5D602C4BC56C51E6F9BA3F0262308,SHA256=36416520A502B1163D8513B6A7BF5572096FE6E46E68D8BE08C38BF1C91A14BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=A3A4562927D46DCC95869E199F305F98,SHA256=246CDCEA081CC13330B92511A0C352D9785DD543FFCCC0A4A51D546FE19D073A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000071855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:29.678{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63278-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 354300x800000000000000071854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:29.677{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63278-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 23542300x800000000000000071868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:32.603{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34F2CEDDBB724DACAB15A564298545E2,SHA256=3A66658326BEBE652CE4722C304A070833FF582716588117166E45E4473CC9B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031893Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:32.565{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6A6324949E39F254CC25E24CBD64319,SHA256=8A51326B5971368D5669B0369D110191E70A30F5C506E28E8707E1E6C1C4690D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031894Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:33.585{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=716CBF8504D72738B04F378CD108B472,SHA256=FE1F3DDB6EDA718C216080454857A12A3C4B8E256203B1A8D95FBD41B77482C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:33.603{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A9D940DE6FE23A698D7B6E37E50D5CA,SHA256=4022F93BB078E53CC72479C3554292533D44525AD718E1098FE04747A44D11E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031896Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:34.679{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D41144F5EEDEC2FD495DF0CF3A183F2A,SHA256=EC3B65D5512DB23087066BC561BC6ABD82D0E523AAAE131C3FFD313B8A9367AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:34.620{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A2C5185E282130D525696D1672E22FD,SHA256=09BB6E20CD1D7CB9C4A5701432F1C0ECBBE3DE196A76DAA68DD5036E49FB59E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031895Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:31.514{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51548-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031897Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:35.741{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB075146B732DF61989BC311DFBC3CAC,SHA256=EA8AC3A9A4B9B844AF91266C1CB4FDAC9829D560487CD960BC97823DE4E7E7BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:35.638{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=454AA9A0AB2E4C39557DE181905E023A,SHA256=4856D220A6F2AB368ABECE2F775B82FBB8861ADC44B89D8A161D006437BAE2C8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000071871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:33.275{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63279-false10.0.1.12-8000- 23542300x800000000000000031898Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:36.976{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81BAC5B96D7D06FF4EF7F6569EADDA48,SHA256=57C02F26CCD8716F92540A6E1540BA85321FBE8015F5EC33FFD39CFD74325F52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:36.653{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=032743A29C3C6BB3A3CDCBACE923129A,SHA256=D492F0407F2222240262C55E2F282AFCED7199027334224CC6958AB333ABD18A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031899Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:37.991{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFBDC0011C9C9D4311087BA58B89D59C,SHA256=203F63006192E99BF598F422BDA8908C8ECCCB3FDB2EDFD3B2B49FFBEFE8972C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:37.668{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA44F2A83AAA48DAC67CE3D1334D0A56,SHA256=3C56EB21C77A9441D071BB280BC5A33EDFAF7C9D45242D0B2B7B8007A191E802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:38.698{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA464F46292AC83DE93DBFA855E7A7D6,SHA256=9EDFF7492D67BEE533CFBD85AC193B5EE367CAC3395953D030E51FBCABF59F84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:39.715{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBFD4FE9660A95EC2B58A7D10637B211,SHA256=38B7C904E78C27A5B67171D325DA16D3813030A3549DE407C7C17FC2593AD2D3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031901Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:36.533{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51549-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031900Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:39.116{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD0C2B5465930B47A9C2D0E29808AEED,SHA256=7CDDFCA970769F783DAE1F0161648151010000E3323F839386AB8CCC4CCB58E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:40.733{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D171E7F0BC6DA07A29EA45557767F31,SHA256=51235903BA431A0979E3C4284B8F083D55FBB95DDFF6A7BE42E25C52A53EB3E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031902Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:40.351{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D257D8419966448B60E40E251268200A,SHA256=3359302A96AE264961360BDFECBC5D086374D35F8702EF4BF61FF83D79348EA0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:40.596{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-1972-60EC-F605-00000000DB01}3272C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:40.596{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4207-00000000DB01}5712C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000071877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:39.217{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63280-false10.0.1.12-8000- 10341000x800000000000000071886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:41.848{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:41.848{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:41.848{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000071883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:41.748{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=040A7016771E28EDDB6795A205591EF9,SHA256=6FF03D3FBB2304064A05A497698C3A9A38390153DBA7134036390E2AD18CBC94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031903Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:41.585{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF8563BB58742DB6373FA060F31056F1,SHA256=4AE4B692AAE18F542CE7BAA08CBDFEA3F9839EAEE20B56F474E43AECCB510763,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:41.264{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4194DEFF88AD20A6900B941AFE8CE30C,SHA256=C5EE6050C9B8C532DBC1C7A224DE31FBC8AAFB5EE3E94644E756B2D5A94D9B3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:41.264{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=03F2086A38203205D12AEAAC04EB1635,SHA256=F607E29763D3B54850F077461CB545A966A84741925C3D6B37BD0F0A4A8E59F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:42.764{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9967EE8412654E80203474C4E5826576,SHA256=053B89115B28BB0676D4272913A5E9E3BAA4CA6B7EAA7DF6C1ACDCCF9C1594A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031904Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:42.679{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=560E819F20E9D0BD1C0A00C8C7E0E69A,SHA256=682D719EBD01F4C5A6F1934E6662EBD696B26D4FBC08FA8DD6F17EDD97B8DD1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:43.765{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=738366310551F7962D2F3EE73F30BFAC,SHA256=DAB5D68A6D63C4D1BD56A769FDDDDB3F70247ADA611311C5D64B911C48926ECE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031905Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:43.741{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F699A3C8714B753B1235D989BB1ADB8,SHA256=F2A88265844D2E32FF1E001297D15D3D665E4744EF8074B305BD3250C59B387B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:44.779{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC0A8B85086CC04817960BFDFC08E615,SHA256=656FDC1737E0C6871CD4A4A56969B2FCC468C3C6672419CF8ED3E90C2F155ABF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031906Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:44.757{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D15317BBD28617F646ED574BA782AD1,SHA256=B7292C63FF926BCE979C4DEC5E12C4090E836FF6B6B62DCEC9ED7DA16974E214,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.795{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A15C4CC5F461DFA41F33D4BAD771293F,SHA256=3A07F505138D17C4AC39D58CE87AE996F7CDD9CFDBC8569DD431A079ECC20B24,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031908Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:42.580{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51550-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031907Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:45.772{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7900CCBB8B0DF7BA0B2A09947D937B54,SHA256=D4C571F5A3AB4AFE1CF25D479281648EA056E7533FFDDA8FD67280965FA6AD78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=55B51A9C74EA2D52382CB4D9F1502505,SHA256=B5451100AFDFECC65DD73439C08C2F15271FFF7644655B5D216CF2E2F86B4084,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=72725AD534C9D8D88D96F26C1EBBCCD7,SHA256=A361F38FDB2145DB0E035E8B2131DB9437BD8E2B8E9ABF365C7E473EEF622895,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=60A508CD7517D685AEBE038C93147F06,SHA256=3CC22B348C47F1EAC35A70D15534DC794028E9EFDB11F414B816D0F2ACAA4B01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5846791359B9C79785F9F5773DA0FE4A,SHA256=1B952FBE9FF5763179B7D4A17C9CBB57B5EE48AE4F08C809028EBE9D23975EB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=AC5E0FC97622131647E9B00FE866F731,SHA256=499CCB71B46ADE69E87EC647F6AFC03CE051CD9D1F9A3A04FCEEA38B6C55D799,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=146A52E79ED7353D438E980F836B94D7,SHA256=37950F64DE5217F094D67B851C3D36135F393F78ECCD09112B276B982341082E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=F49EAF16720CB57D94F7727C5BF4342F,SHA256=72531DF3812EC38FB5387B3E5EA7F8526B36C5F89C63DE8BB8B6F28120F9765A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=C534985CBE203FAEC7879E3335C22DB3,SHA256=E23C54219CE74362C5FAD192903DB3654F5E6D379F4BF3A1232DF863852F575A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.114{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E6F74560705F8471CCA5BAC643F27E3D,SHA256=0612BFB8A184456AAAB99804BF245F573A4EFA1F58DA5DDE5A7A10402F0CB27D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.113{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=63481355A76CD1683935CB471EDAE146,SHA256=CE5E54C9577409CC4D743024CEC5D1A4F330B70918217C1E1846A0A18F311CAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.112{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B18A2440AB4D1FE5FDEA1D37ECBD416D,SHA256=F50D25F73F6D5482ED1036930CC413852E1420EA1F81484BF2A6016FC1140210,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.965{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B577159B11884819BBBE021911D23CFA,SHA256=0095BD47B71921BF4C7FFE12FEE10AF1B3646B32D5C08D79FE6B5E1D020D078B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.918{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A46E28FD5237D3BE61936F3DCBB3BC1,SHA256=F2909FADBA3ED07E5D2BD10B5EF6C7C2653FF955F578B8310184FE062FBB6D82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031909Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:46.788{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2B90D7FE22DBE48A6C133469E6DEEF5,SHA256=883BE5549E5AEAB26C785A39AFA21FE1C2396E57DE3EE87F02776AD6C71C3EBF,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.750{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.750{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000072003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.750{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000072002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000072001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000072000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000071999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000071998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000071997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000071996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000071995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000071994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000071993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000071992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000071991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000071990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000071989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000071988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000071987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000071986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000071985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000071984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000071983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000071982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000071981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000071980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000071979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000071978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000071977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000071976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000071975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000071974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000071973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000071972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000071971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000071970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000071969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000071968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000071967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000071966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000071965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000071963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000071962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.717{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000071961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.717{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000071960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.716{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.716{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.716{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.716{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.716{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.715{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.714{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000071953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.246{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63281-false10.0.1.12-8000- 10341000x800000000000000071952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.349{8057F119-2F2A-60EC-E709-00000000DB01}83089964C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.349{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000071950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.349{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000071949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000071948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000071947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000071946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000071945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000071944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000071943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000071942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000071941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000071940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000071939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000071938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000071937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000071936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000071935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000071934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000071933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000071932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000071931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000071930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000071929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000071928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000071927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000071926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000071925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000071924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000071923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000071922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000071921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000071920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000071919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000071918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000071917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000071916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000071915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000071914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000071913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000071911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000071910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000071909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000071908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.034{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000072063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.596{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000072062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.596{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000072061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.596{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000072060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.415{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.413{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000072058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.413{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000072057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000072056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000072055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000072054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000072053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000072052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000072051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000072050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000072049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000072048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000072047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000072046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000072045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000072044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000072042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000072041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000072040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000072039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000072038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000072037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000072036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000072035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000072034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000072033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000072032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000072031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000072030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000072029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000072028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000072027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000072026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000072025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000072024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000072022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000072021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000072019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.382{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.035{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BC0A16C493AD6D2A9123D9B012B5E1E2,SHA256=B15846A5608B813C47E416122B6BD9398C148B09F50288C8E47837E0E05596DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.035{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4194DEFF88AD20A6900B941AFE8CE30C,SHA256=C5EE6050C9B8C532DBC1C7A224DE31FBC8AAFB5EE3E94644E756B2D5A94D9B3D,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.018{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000072009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.018{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000072008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.018{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000072065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:48.415{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BC0A16C493AD6D2A9123D9B012B5E1E2,SHA256=B15846A5608B813C47E416122B6BD9398C148B09F50288C8E47837E0E05596DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:48.164{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE564749D9D8EF7C84829CECCAE8A230,SHA256=638E2ED17B4E78BA1651AE0433E646CDE74A86D94A83AE39D10FC2FA478F1639,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031910Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:48.007{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2ECC69B6BBAD3D81292C1C68EDC6D55,SHA256=A80338541B9B164064F4A5B527FCB3234F175F7167D6C645917602A9624FD01E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031911Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:49.085{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85BC56B2106777C29FDBE810D6F3ABFB,SHA256=BE946FFE125064FCD436E9637B7098FB0CABA694CA659BB9B690CDD7AC251633,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.617{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000072116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.617{8057F119-2F2D-60EC-EA09-00000000DB01}93609796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.617{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000072114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.617{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000072113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000072111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000072110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000072109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000072108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000072107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000072106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000072105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000072104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000072103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000072102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000072101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000072100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000072099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000072098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000072097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000072095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000072094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000072093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000072092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000072091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000072090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000072089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000072088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000072087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000072086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000072085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000072084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000072083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000072082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000072081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000072080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000072079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000072078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000072076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000072075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000072073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.365{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.180{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=843B9B50979115DC0619212739F6125E,SHA256=62F9249A3A9358227C6BFE83191AB2121C90C29EBA43CC6840C7003674F030D7,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.922{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000072222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.922{8057F119-2F2E-60EC-EC09-00000000DB01}96089776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.922{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000072220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.921{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000072219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.717{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.717{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000072217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.716{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000072216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.715{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000072215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.714{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000072214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.714{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000072213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.713{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000072212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.713{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000072211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000072210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000072209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000072208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000072207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000072206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000072205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000072203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000072202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000072201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000072200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000072199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000072198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000072197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000072196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000072195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000072194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000072193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000072192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000072191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000072190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000072189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000072188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000072187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000072186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000072185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000072184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000072182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000072181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000072179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.696{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.379{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E6759F7C812AF96EC75D6EFBECBF057C,SHA256=5B83D19F920DF1FB0D96757C9AA843186D51D52FC39640400F2AF1C875EB8101,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.279{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2F2458F334B9E283436F63D8D30447E,SHA256=ADFF241526FB58466AEC8F2691E80099B362DA026DFF5F175657470052D6C01D,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.264{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000072169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.264{8057F119-2F2E-60EC-EB09-00000000DB01}954410164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.264{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000072167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.264{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000072166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.248{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3187C313601951DF2E1DDBDF764941C,SHA256=5E419E122BA95A1FCB2D072EB49631069A4B48EF84F8FB3FAD5702EAEAE5DE57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031912Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:50.101{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE509FFED1A545815C7C9AE8B6984FD8,SHA256=F349BAC62721A6AD45CE715B3BE39785D54240E6A87AF2CF932BE8BB90CDF9FE,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000072163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000072162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000072161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000072160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000072159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000072158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000072157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000072156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000072155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000072154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000072153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000072152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000072151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000072150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000072149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000072148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000072147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000072146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000072144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000072143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000072142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000072141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000072140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000072139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000072138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000072137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000072136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000072135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000072134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000072133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000072132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000072131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000072130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000072129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000072127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000072126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000072124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.033{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:51.699{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D1A45C30D1051A185573935EEF55204F,SHA256=175D6D97F3DF19A253A48ADEC58E0A2E8EBFEC64B95EACBC4A8C750EF8FE7C81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:51.652{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B49FBFE6A776D522C5A95830F87C5A10,SHA256=5064C50D6FB8DEECE2B105DB17C480848AD4CB42042FF04162340098B237638B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.815{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63282-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000072224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.815{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63282-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 23542300x800000000000000031914Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:51.288{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=687C2EB2EE052DFE71C8AAE193D3F97A,SHA256=E5D4AC18D008DCBA458147A003F486A0C22FDDEC4E5448FB271AF2F27BE0072F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031913Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:48.424{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51551-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000072230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.330{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63283-false10.0.1.12-8000- 23542300x800000000000000072229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:52.567{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA349E556E4B9A765F0E61F321EABDCD,SHA256=75686A26208931AEE085E475CB3D948446D28C30916A0BC21D4317686ADC0116,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031915Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:52.304{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04D3241134DFE03D11E050A410E3FBBF,SHA256=9933B8328A111437B5E9A11DF9E02504059050D1448ECFEFD0C4CD491469440D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:52.351{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.968{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E9849EB98A2A30A5F7F6642B57AF77E,SHA256=7504C58A30D351DF5CEAF9DDBEC870608AAD82C5F45C96B9F57A062EF12BB052,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031916Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:53.319{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33C6C030FF1615A227C31B3A1C943AFE,SHA256=F0633EB2D453E6D8E2EA797C2007F4CB319921B274D57929D9D5C2302DA425BE,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.369{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000072280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.369{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000072279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.369{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000072278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000072276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000072275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000072274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000072273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000072272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000072271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000072270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000072269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000072268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000072267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000072266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000072265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000072264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000072263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000072262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000072261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000072260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000072259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000072258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000072257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000072256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000072255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000072254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000072253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000072252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000072251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000072250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000072249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000072248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000072247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000072246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000072245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000072244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000072242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.135{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000072240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.135{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000072239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.135{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.134{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000072237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.134{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.134{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.134{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.133{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.133{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.133{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.131{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:54.983{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C632C97B536E3250C1910D8B0B25EA4E,SHA256=CE1905162291F57B1C16B63642A42F56E826CA7F3B404B9CEC84502D965BF4B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031917Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:54.324{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4901DD1D996C54406E0FF5F8819B51C,SHA256=0CCF6A4ECAF01A1DEF4965CDA4D859C8498F66366210B86EF9F42558B0E477CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:54.152{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DAC1DD5E64DD22F89F21240AEF1C9069,SHA256=51905D295EDA91A29A284E9609427C84CEDC994EDD0AFA0F27A5CAC449936573,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031918Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:55.340{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E07D6F994B956BA020B2E28F2872B22,SHA256=6E0FDF36C366F00E7EC78446EC718787BAC6C20DD73A1622B2C4227340FD2E21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031920Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:56.355{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F865168E099C5138F30364D349C34EA7,SHA256=3CF593392488838EAF31A179FAC7B947E8DCDAF8DC8811173CEDB199455BCA16,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:56.597{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-0C00-00000000DB01}840C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:55.998{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E49FABA64807670E1170AA575188C8F,SHA256=BEEE8FC593957C7ADFA71BE05561A9819084AC388CBCBE7004A8F807B00C2108,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031919Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:53.444{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51552-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031921Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:57.371{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D60FD6A643FA629C7A624A3C60978F46,SHA256=17E2DB6274CB6B22F2B676ABF57EFE1FB74658296D102B6CE41C8C4C742DD117,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:57.013{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A0FA4C4ADB28D77936B79C948EB51AD,SHA256=B9A567E583D4C815D63467A94A5B2A9E3B6505D731A5E80A60762AFC7EFC4B17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031922Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:58.371{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C24432B014384046C58F09E8CE8FA167,SHA256=F31B19D12F0669AD23F0A9DBFDB58BC37881A1CFDFE674FDD1C5CF6ECA9C7546,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:56.301{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63284-false10.0.1.12-8000- 23542300x800000000000000072288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:58.033{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEC4D8D435114A35B2FA0DFF706BF5BD,SHA256=93F20F04A0FBB7EFF1BE8BBE4D5E07F51F9EBB4E3FEBA1D47B1C20D14624141E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031923Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:59.373{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AA1B39395AB5D8084975CA3071F9DF4,SHA256=61F88D45C01DA0449C2C417DC79A5A6CF3308B969FB1A7A717152E627BD0B18C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:59.035{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=753DB428668C3B4A8908AAAA888ABED9,SHA256=83BF338EB495FBDE3175D8F49E97EB96820D48470506320DCB646DA784FE956A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031924Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:00.386{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=888F533C0868762E8A35D97A3979E646,SHA256=E4FCBAD120486E042CCA32F3EC858CD74CEE0C348F25845F48D71104F45D61C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:00.050{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0556A3E147DC0703F712CB44074BB653,SHA256=B3E8A9A70D778E7A4DE1D1FDE5E98F8C14841763C60ADFD6CA720BE7F79EFF4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:01.065{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25885BE3FA88D3FC52EAD52CABF1FD0F,SHA256=EAA77F23BA9C661AE5DE188A51B3489F46493BDE72E053B3BFE6509A2F2A0AD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031925Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:01.393{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28C62295C4CB8D78C554DB1A84118F22,SHA256=F1D660C1215803538BDDA243384B0E66B76DB0553AE1FEA8ABC37FC4B135A012,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031927Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:59.446{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51553-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031926Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:02.403{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=272A6580E11EAD513A20C1A1A738852E,SHA256=3C4233F3FB0084BC3ACE32A032184900C14B090B33DE87619CA635BC1B188155,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:02.082{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8581DD534DD6464DE9B57DC2FD01550,SHA256=7B630ECC9C0861B9715E77B23A45F19BE5FF93654610F47CB624EAB711184754,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031929Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:03.419{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CEC9E474B3DC5EEE9CC6F9409BA65EF,SHA256=6DFCD84496A2D640AC331B8DE10CB6C4D8DD634F8A13B40EB1B136485CF5A4CC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:01.366{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63285-false10.0.1.12-8000- 23542300x800000000000000072294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:03.112{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3ACA17963DCFB22ABEC381BF2D2C1380,SHA256=20DAAF98BA566EA236D7B98FC16BB62E75E037C16215650127D0AEC6EA126389,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031928Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:03.044{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031931Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:04.435{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B7BD20C76DC08AD395ACB5D03AFA79A,SHA256=0412C14CA50FB2B89F90382C66DFB55065D8BD71C32F8E15F4FF9EB57119D29C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031930Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:02.383{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51554-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000072296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:04.133{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D430804DB945B4D434A620FC38F8F51E,SHA256=B7BA7E0E4E974EBE84558A8139280347BE3D62AA7F9EF2489C44641FFC055017,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031932Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:05.466{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=932DD821A673E6BAC7BDFD6351D09668,SHA256=B08AB4137F02496D156110C2CBBF93CD11F0BFE44C96C4ADE9540E98C49E9320,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:05.147{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F924A3C3AFC0F55B98BE7897D3ADC284,SHA256=52A31412057BCE8F55CB4C82BDE24CB7364EE536C1DDBBC03A792FB2D36C6E9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:06.178{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98A221E56ED71D15D64A6B1E2AD9F039,SHA256=CCC741B5537E8EF46F717EF5F5F5AF569620BC7A50F066B758F3474791F4B382,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031933Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:06.482{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F15A535708D6B68789425DDCB42FCAE0,SHA256=1BF967F0D697A9DF9E17F5E737CCD616F32D0AABD2163B577AA33CAE9B5C5FE5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031935Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:04.524{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51555-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031934Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:07.497{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B606C88E329C34CDF1BDC45C9C2C0169,SHA256=DBEF3B8CFCF19ADCB998E415A06762A3F077197F77972221E8BDD01306E0CC60,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.845{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.814{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.814{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.798{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.798{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.798{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.797{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.791{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.788{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.787{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.755{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000072348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.659{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F98CDD512204FA373146DA36365A96E,SHA256=511BFA06E505EAA9E1A660F68348CCAC72A088AB62AE0FA4D61F554D5AC49B85,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.624{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.604{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.598{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.594{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.594{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-22BA-60EC-9407-00000000DB01}3852C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.594{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.594{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.594{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21E0-60EC-7207-00000000DB01}6340C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.592{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.576{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.567{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.564{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.557{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.554{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.551{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.550{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-22BA-60EC-9407-00000000DB01}3852C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+1b2763|UNKNOWN(00000059F97F1E84) 10341000x800000000000000072331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.547{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.544{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.544{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.539{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.530{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.528{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.527{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.521{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+1b2763|UNKNOWN(00000059F97F1E84) 10341000x800000000000000072323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.441{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.393{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.393{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.393{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.393{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.378{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.378{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.378{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.362{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.362{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.346{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.346{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.346{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.346{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.326{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21E0-60EC-7207-00000000DB01}6340C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+4fb7ea|C:\Program Files\Mozilla Firefox\xul.dll+23e75b6|C:\Program Files\Mozilla Firefox\xul.dll+23dfc59|C:\Program Files\Mozilla Firefox\xul.dll+244d41|C:\Program Files\Mozilla Firefox\xul.dll+23bb931 10341000x800000000000000072308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.309{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.293{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.277{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.277{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.277{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.277{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.277{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.277{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.262{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+4fb7ea|C:\Program Files\Mozilla Firefox\xul.dll+23e75b6|C:\Program Files\Mozilla Firefox\xul.dll+23e086a|C:\Program Files\Mozilla Firefox\xul.dll+244d41|C:\Program Files\Mozilla Firefox\xul.dll+23bb931 23542300x800000000000000072299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.193{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF32BACFA84DE54817FDCE2B07584C3D,SHA256=5A32ACF54FF78CFD0614FA8C9E0DD85FA9C4B847B327A048CE220068728224AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031936Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:08.685{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44B5986462CC584E49C8A29545A93AEA,SHA256=9A143DE78CA07A57B3228ECF033D9327670FEDE5967BBCC96A9A8C2D4EB5A3F5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072415Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.945{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072414Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.945{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072413Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.945{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072412Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.929{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072411Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.929{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072410Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.929{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072409Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.929{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072408Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.929{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072407Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.929{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072406Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.914{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+1b2763|UNKNOWN(00000059F97F1E84) 354300x800000000000000072405Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.297{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63286-false10.0.1.12-8000- 10341000x800000000000000072404Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.829{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072403Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.798{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072402Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.796{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072401Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.776{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072400Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.776{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072399Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.776{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072398Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.776{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072397Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.776{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072396Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.776{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.776{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-22BA-60EC-9407-00000000DB01}3852C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000072383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.761{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.745{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000072379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.745{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.745{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.729{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.729{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.729{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.729{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.729{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.714{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.714{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.714{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-22BA-60EC-9407-00000000DB01}3852C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000072369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.530{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.214{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33125367AA5592444136686390407086,SHA256=FBA6A6C15CD955323DD91AF522182AE89607EE691914C08E6CC0342024945E41,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.145{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.130{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.130{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.130{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.114{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.114{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.114{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:08.114{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000031937Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:09.685{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5E94AC6D72E377F902A5BF81DA35659,SHA256=3A0EB1DA5AEDA7C62A7AE0FE8C3E8D8E5DD7D25E122527395EC075C004320205,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072431Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.860{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072430Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.860{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072429Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.576{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072428Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.561{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2BB4-60EC-4409-00000000DB01}7908C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072427Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.413{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E84D024190AD37C2770339E064D22369,SHA256=A910066FA12F428522F9A3A164854A5EDFBC3A39539F331DFF3D34B83DE08653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072426Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.413{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADC6E2ABAA2F0A6B82F93CB4B66C287D,SHA256=C8260D26931B970093919985B06C9B8E0ABA66A5A4ACB763777CB572DC933D6D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072425Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.076{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072424Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.061{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072423Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.061{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072422Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.045{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072421Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.045{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072420Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.045{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072419Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.045{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072418Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.045{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072417Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.029{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072416Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:09.029{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-22BA-60EC-9407-00000000DB01}3852C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000031938Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:10.778{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFA039699CE77E6FB4475F5116F05E10,SHA256=16CD83F7FAAA9796F2E66B7F160FE73E1F28983AA54978EF200E04AEA1EDC9F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072481Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.613{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=346F6C504490BC64DA6BD217AFD65563,SHA256=CEEB0ADBC568426CB4EC0829251D4E94D8E0EE6D75242836270713FA8EA087A6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072480Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.613{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072479Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.597{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072478Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.575{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072477Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.575{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072476Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.575{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072475Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.575{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072474Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.544{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072473Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.544{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072472Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.528{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072471Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.513{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21E0-60EC-7207-00000000DB01}6340C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072470Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.513{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072469Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.513{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072468Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.513{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072467Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.513{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072466Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.513{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072465Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.513{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072464Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.513{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072463Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.513{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072462Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.513{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072461Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.497{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072460Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.497{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072459Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.497{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072458Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.497{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072457Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.497{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072456Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.497{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D4-60EC-7007-00000000DB01}6928C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000072455Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.497{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072454Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.497{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072453Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.497{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072452Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.495{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072451Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.492{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072450Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.492{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072449Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.492{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072448Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.475{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072447Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.475{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072446Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.475{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072445Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.475{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21E0-60EC-7207-00000000DB01}6340C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000072444Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.475{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072443Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.475{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072442Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.475{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072441Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.460{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072440Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.460{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072439Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.460{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072438Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.460{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072437Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.460{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072436Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.460{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072435Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.460{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072434Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.444{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000072433Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.444{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000072432Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:10.428{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A2A5B17B610FC1246A15B21EFDD0629,SHA256=5230EFE43797283B8E131CB8CB07D085BC38FA6C4713617F1027442B7A1595CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072489Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:11.444{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12CA56DED6D5458B2E53529813267183,SHA256=267E3E44D1150D3A216CCCC32E8766EC2F9F62FD578C6EE81E73530E5C030B13,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072488Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:11.296{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072487Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:11.296{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072486Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:11.260{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072485Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:11.244{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072484Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:11.144{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000072483Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:11.144{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000072482Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:11.113{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-22BA-60EC-9407-00000000DB01}3852C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000031940Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:10.524{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51556-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031939Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:12.028{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8E621AA873D46AD946C88655FA0BB51,SHA256=6DEC97D76CAA4A2F745728EE6C150492B4B43640368CF5CF7F3E18DB2CA34F2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072526Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.859{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F454683651F0921CFE03C818A7B13C1,SHA256=3163663E92565BF03DCCF1E57E1A3B5A370525F15929D059F77C21CD261D6283,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072525Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.460{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072524Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.460{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072523Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.460{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072522Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.445{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072521Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.445{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072520Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.445{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072519Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.429{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21E0-60EC-7207-00000000DB01}6340C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072518Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.429{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072517Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.429{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072516Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.429{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D4-60EC-7007-00000000DB01}6928C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072515Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.429{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072514Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.429{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072513Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.429{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072512Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.414{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072511Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.414{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072510Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.414{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072509Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.397{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072508Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.397{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21E0-60EC-7207-00000000DB01}6340C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+46bca03|UNKNOWN(00000059F97F3242) 10341000x800000000000000072507Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.396{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072506Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.395{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072505Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.394{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072504Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.384{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072503Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.381{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072502Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.358{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072501Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.358{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072500Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.358{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+46bca03|UNKNOWN(00000059F97F3242) 10341000x800000000000000072499Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.174{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072498Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.174{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072497Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.174{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072496Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.174{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072495Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.174{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072494Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.159{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072493Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.159{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072492Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.159{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072491Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.159{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072490Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.143{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+46bca03|UNKNOWN(00000059F97F3242) 10341000x800000000000000072631Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.866{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072630Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.776{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C53D397A3EB1E41B5619D226D35AC0AD,SHA256=83F49224AAA0FE0E28C6AB5F47B0700034F0FF4441AF346816D0D467E60D1411,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031941Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:13.075{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED3B39A154C644DD0500E31503F163B8,SHA256=F69F138AD5BD13AD26AFCE8468D51F7C76AD99CF9BEF6A4D48D56D6D1A38F5C9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072629Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.657{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072628Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.637{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072627Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.637{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072626Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.598{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072625Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.594{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072624Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.588{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072623Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.587{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072622Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.586{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3 10341000x800000000000000072621Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.586{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d 10341000x800000000000000072620Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.585{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072619Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.585{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072618Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.583{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072617Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.174{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072616Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.159{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072615Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.159{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072614Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.159{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072613Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.159{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072612Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.159{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072611Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.159{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=259470FE449C5B83C7E81AEA110BCCA9,SHA256=4F4BC1F28C06FEC15355002C397D18D4D17B83B8BE50C1CAFC87B4A93A9FE3BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072610Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.159{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072609Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.143{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072608Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.143{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072607Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.143{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072606Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.143{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072605Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.143{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+46bca03|UNKNOWN(00000059F97F3242) 10341000x800000000000000072604Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.127{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072603Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.127{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072602Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.127{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072601Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.127{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072600Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.112{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072599Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.112{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072598Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.112{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072597Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.112{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072596Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.112{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+46bca03|UNKNOWN(00000059F97F3242) 734700x800000000000000072595Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.096{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll89.0.2-FirefoxMozilla Foundationlgpllibs.dllMD5=C26243875CD41F62FBB4CD7EAD35ADF8,SHA256=3608905BA86A24A4504C566A78F5EDB34AB82B4E7E122C94A0115A9778176262,IMPHASH=451AECEA9F58042E76D96A82BE2804FAtrueMozilla CorporationValid 734700x800000000000000072594Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.096{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000072593Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.096{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1C,IMPHASH=0B9A3C99AAFA99247F9E2BD866186AEAtrueMicrosoft WindowsValid 734700x800000000000000072592Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.096{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wsock32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Socket 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwsock32.dllMD5=9471D5E2FEDF5552440BF935143DFAB0,SHA256=B489197F05EFFFB17F10FA9942DB88100C86BEB8291F9ACC8EB38BEF751BF90D,IMPHASH=6D33A1BDF842DEBFB889C44A830190E7trueMicrosoft WindowsValid 734700x800000000000000072591Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.096{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87,IMPHASH=9F0D37252D56D3F9E44E69CCC59B57AEtrueMicrosoft WindowsValid 734700x800000000000000072590Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.096{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000072589Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.096{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\nss3.dll89.0.2-FirefoxMozilla Foundationnss3.dllMD5=DAD0CC36A4013E1804F919826332FB52,SHA256=0111E8EAE224825AB76DB9C75A5C0F8285B5A7859F9463F35E80A4E1A9077166,IMPHASH=0DFC68B8DD02D4E1CB73F90762A0E3D7trueMozilla CorporationValid 23542300x800000000000000072588Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.093{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4ECB88780B5941D88551AAE3B2BAC976,SHA256=C125AA3701A2E3DE073793D7DD2DF15FB7D6313B5AEAC66E4F6B984A2ACA3494,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072587Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.059{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05 10341000x800000000000000072586Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.059{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d 10341000x800000000000000072585Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.059{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000072584Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.059{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 734700x800000000000000072583Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.043{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000072582Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.043{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072581Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.043{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140_1.dll14.28.29913.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=4DC09CA657822C2E8160255F767597DF,SHA256=922124BA0821AA864A0261ED88BD25F8E40F94C24D00D389E23CD9AB2BFC6BA4,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69trueMicrosoft CorporationValid 734700x800000000000000072580Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.043{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000072579Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.043{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x800000000000000072578Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.043{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\vcruntime140.dll14.28.29913.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=ADE7AAC069131F54E4294F722C17A412,SHA256=92D50F7C4055718812CD3D823AA2821D6718EB55D2AB2BAC55C2E47260C25A76,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x800000000000000072577Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.043{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp140.dll14.28.29913.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=4B6BA0947F115AE9FD3016D26D57ABB8,SHA256=254DF96324D019A7C4213ABD4178944B8BF2873D0C3EDC1835D4C668F83D7C37,IMPHASH=4F1912F58F8D1AE7998EF5303198D62DtrueMicrosoft CorporationValid 734700x800000000000000072576Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.043{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=D8CD8451D1E194230F18866AD6EFE5E7,SHA256=9977AA1287962035C24DF806DDA67F09FFE9BDF696DBA507D749C624AE1C178D,IMPHASH=EC9695F0DF1F52E9D439A942DBDAA111trueMicrosoft WindowsValid 734700x800000000000000072575Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.043{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000072574Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.043{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000072573Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.043{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll89.0.2-FirefoxMozilla Foundationmozglue.dllMD5=643C9F1023F93F67AB5428DD5B2FF202,SHA256=CBABCF2276C08C73B51E49D2A2E4B79AD00642489EEA06660478EAAF25D49222,IMPHASH=64E64553E32D273745DEE4A979FDA47BtrueMozilla CorporationValid 734700x800000000000000072572Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000072571Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000072570Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000072569Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000072568Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 17141700x800000000000000072567Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.82.137641830C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000072566Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.81.39885239C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000072565Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+3e82ac|C:\Program Files\Mozilla Firefox\xul.dll+3e81fc|C:\Program Files\Mozilla Firefox\xul.dll+12b23b8|C:\Program Files\Mozilla Firefox\xul.dll+1307c21|C:\Program Files\Mozilla Firefox\xul.dll+1866ca1|C:\Program Files\Mozilla Firefox\xul.dll+29d482c|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x800000000000000072564Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.80.113791594C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000072563Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+3e82ac|C:\Program Files\Mozilla Firefox\xul.dll+3e81fc|C:\Program Files\Mozilla Firefox\xul.dll+12b23b8|C:\Program Files\Mozilla Firefox\xul.dll+1307b21|C:\Program Files\Mozilla Firefox\xul.dll+1866abe|C:\Program Files\Mozilla Firefox\xul.dll+29d482c|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x800000000000000072562Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.79.187167963C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000072561Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+3e82ac|C:\Program Files\Mozilla Firefox\xul.dll+3e81fc|C:\Program Files\Mozilla Firefox\xul.dll+12b23b8|C:\Program Files\Mozilla Firefox\xul.dll+1307a21|C:\Program Files\Mozilla Firefox\xul.dll+1866904|C:\Program Files\Mozilla Firefox\xul.dll+29d482c|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x800000000000000072560Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.78.161306473C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000072559Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+3e82ac|C:\Program Files\Mozilla Firefox\xul.dll+3e81fc|C:\Program Files\Mozilla Firefox\xul.dll+12b23b8|C:\Program Files\Mozilla Firefox\xul.dll+1307921|C:\Program Files\Mozilla Firefox\xul.dll+1866745|C:\Program Files\Mozilla Firefox\xul.dll+29d482c|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x800000000000000072558Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.77.154572592C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000072557Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29f47e9|C:\Program Files\Mozilla Firefox\xul.dll+29d4700|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072556Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 10341000x800000000000000072555Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x800000000000000072554Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x800000000000000072553Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x800000000000000072552Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x800000000000000072551Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x800000000000000072550Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x800000000000000072549Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x800000000000000072548Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x800000000000000072547Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x800000000000000072546Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 734700x800000000000000072545Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000072544Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x800000000000000072543Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x800000000000000072542Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+e14869|C:\Program Files\Mozilla Firefox\xul.dll+29d4402|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x800000000000000072541Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12b5348|C:\Program Files\Mozilla Firefox\xul.dll+29f8902|C:\Program Files\Mozilla Firefox\xul.dll+29d439e|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000072540Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+29d4315|C:\Program Files\Mozilla Firefox\xul.dll+29f0a0c|C:\Program Files\Mozilla Firefox\xul.dll+29f083e|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+41333|C:\Program Files\Mozilla Firefox\xul.dll+122af80|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072539Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-21D0-60EC-6307-00000000DB01}71727612C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+122110f|C:\Program Files\Mozilla Firefox\xul.dll+cfd024|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fc728|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fd4a1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072538Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072537Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.027{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exe89.0.2FirefoxFirefoxMozilla Corporationfirefox.exeMD5=EB061721B388D0AB67504EA4E0B9CB90,SHA256=F01545312FED4B611BC377F700B6B3AD16C5792D1D6AA5F695D61D8A7B0F23E3,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2trueMozilla CorporationValid 10341000x800000000000000072536Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.012{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072535Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.012{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072534Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.012{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072533Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.012{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072532Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.012{8057F119-21B7-60EC-3B07-00000000DB01}55123720C:\Windows\system32\csrss.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072531Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.012{8057F119-21D0-60EC-6307-00000000DB01}71727884C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4330b|C:\Program Files\Mozilla Firefox\firefox.exe+24848|C:\Program Files\Mozilla Firefox\xul.dll+cfe4da|C:\Program Files\Mozilla Firefox\xul.dll+1217834|C:\Program Files\Mozilla Firefox\xul.dll+1215b02|C:\Program Files\Mozilla Firefox\xul.dll+122249e|C:\Program Files\Mozilla Firefox\xul.dll+da6214|C:\Program Files\Mozilla Firefox\xul.dll+40976|C:\Program Files\Mozilla Firefox\xul.dll+3f85a|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+dabd27|C:\Program Files\Mozilla Firefox\nss3.dll+fac5a|C:\Program Files\Mozilla Firefox\nss3.dll+ee441|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072530Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.015{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe89.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7172.76.1684477410\1647128621" -childID 11 -isForBrowser -prefsHandle 8332 -prefMapHandle 3816 -prefsLen 16223 -prefMapSize 232815 -parentBuildID 20210622155641 -appdir "C:\Program Files\Mozilla Firefox\browser" - 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 7668 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\bob{8057F119-21B7-60EC-6B46-520000000000}0x52466b3LowMD5=EB061721B388D0AB67504EA4E0B9CB90,SHA256=F01545312FED4B611BC377F700B6B3AD16C5792D1D6AA5F695D61D8A7B0F23E3,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x800000000000000072529Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.012{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05 10341000x800000000000000072528Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.012{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d 17141700x800000000000000072527Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:12.996{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.76.168447741C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000072728Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.806{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CAE5311021CD58B8C2315486743D9CD,SHA256=8EB7E555493F7D4500825EE3DAE356348B404C395811F335833787E18B881D3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031942Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:14.200{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A755083E3E233A20F6A1439A11CDE297,SHA256=652ECFDA54B7086F918BBAC34640209C02EBCA3D19F06BE234AF142FC6DD4287,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072727Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.779{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072726Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.695{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F778BDBE2C434FDC5504D8449AD133B,SHA256=BCCD42554826A9696E661ABA986DB6B9BCE23A195D13AE107F2812BD13C5BA53,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072725Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.623{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\freebl3.dll89.0.2-FirefoxMozilla Foundationfreebl3.dllMD5=D7E96576A0BD635C026D5F665765E570,SHA256=9DECCB1E81E68D430A0EEA23B6FE91283CAF5C7672912C9567074291D2BB9A8F,IMPHASH=53652A7DC9DFE48EFEF7CDBD318659AFtrueMozilla CorporationValid 734700x800000000000000072724Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.623{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\softokn3.dll89.0.2-FirefoxMozilla Foundationsoftokn3.dllMD5=16E00F7D53C4B0A7F6E7E6F3D2489C4B,SHA256=49B335D71C79E0049C97CC42F1CDE4483738D86429ED3E0EFD581AEBF3A33778,IMPHASH=8217C8B17239D6236F43DE3AC007B8A6trueMozilla CorporationValid 18141800x800000000000000072723Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.592{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.10088.4.171044199C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000072722Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:14.592{8057F119-2F45-60EC-EE09-00000000DB01}10088\chrome.10088.4.171044199C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000072721Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.560{8057F119-21D0-60EC-6307-00000000DB01}71727864C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+121a0bc|C:\Program Files\Mozilla Firefox\xul.dll+13233a1|C:\Program Files\Mozilla Firefox\xul.dll+1f4e71|C:\Program Files\Mozilla Firefox\xul.dll+1227e54|C:\Program Files\Mozilla Firefox\xul.dll+4127f|C:\Program Files\Mozilla Firefox\xul.dll+3f78f|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+dabd27|C:\Program Files\Mozilla Firefox\nss3.dll+fac5a|C:\Program Files\Mozilla Firefox\nss3.dll+ee441|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000072720Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.545{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.82.137641830C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000072719Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.545{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.81.39885239C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000072718Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.545{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.80.113791594C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000072717Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.545{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.78.161306473C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000072716Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.545{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.79.187167963C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000072715Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.545{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.77.154572592C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000072714Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.541{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.10088.3.171054042C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000072713Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:14.541{8057F119-2F45-60EC-EE09-00000000DB01}10088\chrome.10088.3.171054042C:\Program Files\Mozilla Firefox\firefox.exe 734700x800000000000000072712Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.533{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8,IMPHASH=B53F82B33CA6ABD6251152A46E5FF78CtrueMicrosoft WindowsValid 10341000x800000000000000072711Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.537{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072710Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.536{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072709Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.531{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=E15A420D82314AF63973D7D0AB3BA2DD,SHA256=C264B2FA1F3E67E558E2671807C06270926EF456F4FF83F1F9859B18184F187E,IMPHASH=5F8C6AF7D0781F35A516AEB072DAD045trueMicrosoft WindowsValid 734700x800000000000000072708Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.351{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x800000000000000072707Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.328{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000072706Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.478{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=B69F0419A16A616FE2D779EC98CD7FB9,SHA256=2D10B43F2137433E48A009227487C691E312D186691485D33B4FDF90D8423C9D,IMPHASH=E32C7474360C94A9FE5E17141A4AB35FtrueMicrosoft WindowsValid 734700x800000000000000072705Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.328{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 734700x800000000000000072704Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.452{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=8FD5FEFE4E020BBC2D95F07BCDC84F71,SHA256=E5E351822CCDEBF81C47C4CA1D5C158E2880C1BD29CA024D163FD9316F3046AE,IMPHASH=E494F732179E765F2CE18BC21CDB1948trueMicrosoft WindowsValid 734700x800000000000000072703Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.449{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223,IMPHASH=83736A76214A92F5C1B53248D0C22863trueMicrosoft WindowsValid 734700x800000000000000072702Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.443{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2,IMPHASH=460DAE5CA92CB705C37D78BE630D6120trueMicrosoft WindowsValid 734700x800000000000000072701Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.417{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\DWrite.dll10.0.14393.4225 (rs1_release.210127-1811)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=BB0ECCB8A72B5926A58433666145D459,SHA256=9C082B0EF00A6E174062634F0421B1179D27BC9077A5C0B1FEB2AA74DBAC2E68,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x800000000000000072700Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.414{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 18141800x800000000000000072699Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.412{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.10088.2.99008064C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000072698Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.412{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.10088.1.112519335C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000072697Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:14.412{8057F119-2F45-60EC-EE09-00000000DB01}10088\chrome.10088.2.99008064C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000072696Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:14.411{8057F119-2F45-60EC-EE09-00000000DB01}10088\chrome.10088.1.112519335C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000072695Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.411{8057F119-2F45-60EC-EE09-00000000DB01}10088\chrome.10088.0.176808620C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000072694Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:14.410{8057F119-2F45-60EC-EE09-00000000DB01}10088\chrome.10088.0.176808620C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000072693Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.409{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072692Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.409{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072691Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.408{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000072690Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.371{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\nlaapi.dll10.0.14393.3808 (rs1_release.200707-2105)Network Location Awareness 2Microsoft® Windows® Operating SystemMicrosoft Corporationnlaapi.dllMD5=63EB5F68082B8C8C392E5DAC1D4EC678,SHA256=58EC364601FA6FE26525D8ADB44B7EDEFCFB73E72897C77B6E37F73E1C7BF871,IMPHASH=0B7F4620EB804B43452C1AFA5341A2C2trueMicrosoft WindowsValid 734700x800000000000000072689Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.369{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\winrnr.dll10.0.14393.0 (rs1_release.160715-1616)LDAP RnR Provider DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationwinrnrMD5=B0DE13ABF238AB28E963629B977A012F,SHA256=43288C8A658C2F0CB0CB1C9D874506D6CEEF455AAB68CE2EF0D685DE8E3BA0C3,IMPHASH=77C2BDF68EAD031D294626FB2F3033A1trueMicrosoft WindowsValid 734700x800000000000000072688Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.367{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\mswsock.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=B52ACA309FD6F72105951FFBA022327B,SHA256=02AB6CCE4BF0D3F075D5E982F5A4CBDB514CE7C245EA474D7846A86CD3F13202,IMPHASH=0E9C1FA273A5EFD763FAC8E145B20C80trueMicrosoft WindowsValid 734700x800000000000000072687Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.366{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\NapiNSP.dll10.0.14393.0 (rs1_release.160715-1616)E-mail Naming Shim ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationnapinsp.dllMD5=71514D9A6350A37B4F0BAA6ACB751771,SHA256=5DB99D6784900D85BB4A62E9F40B4EC628054D41B38A5E93F80C7A8BB066EBBB,IMPHASH=8D3297F500E5144336C044019A1ACFD4trueMicrosoft WindowsValid 10341000x800000000000000072686Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.366{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12b3568|C:\Program Files\Mozilla Firefox\xul.dll+122d767|C:\Program Files\Mozilla Firefox\xul.dll+12e44e9|C:\Program Files\Mozilla Firefox\xul.dll+29dfd24|C:\Program Files\Mozilla Firefox\xul.dll+12bfb3c|C:\Program Files\Mozilla Firefox\xul.dll+1227e54|C:\Program Files\Mozilla Firefox\xul.dll+da0207|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x800000000000000072685Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.366{8057F119-21D0-60EC-6307-00000000DB01}7172\cubeb-pipe-7172-10C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000072684Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:02:14.366{8057F119-21D0-60EC-6307-00000000DB01}7172\cubeb-pipe-7172-10C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000072683Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.352{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072682Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.350{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000072681Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.349{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.7172.76.168447741C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000072680Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.347{8057F119-21D0-60EC-6307-00000000DB01}71727844C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+29ffab|C:\Program Files\Mozilla Firefox\xul.dll+3a5b85b|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000072679Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:02:14.347{8057F119-21D0-60EC-6307-00000000DB01}7172\gecko-crash-server-pipe.7172C:\Program Files\Mozilla Firefox\firefox.exe 734700x800000000000000072678Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.339{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000072677Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.338{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\dhcpcsvc.dll10.0.14393.3930 (rs1_release.200901-1914)DHCP Client ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationdhcpcsvc.dllMD5=CD3B9633BBEF2102C4665A2C39EC0B1A,SHA256=341EFB4806BE39E09AA90CA3B069C39F2A9D61FA9B512350B2721D41875AFCAE,IMPHASH=9A2F821D250C4CEBC0627590331B869DtrueMicrosoft WindowsValid 734700x800000000000000072676Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.337{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BAB,IMPHASH=AD7CEB919D43FA2BD394EC803EB6BCDAtrueMicrosoft WindowsValid 734700x800000000000000072675Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.336{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000072674Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.336{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000072673Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.336{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000072672Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.335{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000072671Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.335{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000072670Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.335{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x800000000000000072669Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.334{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\usp10.dll10.0.14393.3321 (rs1_release.191016-1811)Uniscribe Unicode script processorMicrosoft® Windows® Operating SystemMicrosoft CorporationUSP10.DLLMD5=ACF31D492FD578C0374EB20CC393BE98,SHA256=D49ECA60A94B30DB87CDCEB36F284D273E080E8689E4B0F99D5BD44FFD117A92,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072668Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.333{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\avrt.dll10.0.14393.2969 (rs1_release.190503-1820)Multimedia Realtime RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationavrt.dllMD5=8EC9E2490A9FFA637115F758B22FFF78,SHA256=1A3295CBF09E9367CCE68505D949D724FB9B66B4516770B7D594273C3BCFC5B8,IMPHASH=F266C00A61E480BB0A81B1A89DB30014trueMicrosoft WindowsValid 734700x800000000000000072667Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.331{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000072666Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.331{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000072665Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.331{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x800000000000000072664Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.330{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000072663Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.330{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000072662Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.330{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000072661Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.329{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000072660Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.329{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000072659Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.329{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000072658Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.328{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000072657Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.328{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000072656Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.327{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000072655Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.327{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000072654Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.327{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072653Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.326{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000072652Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.326{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll89.0.2-FirefoxMozilla Foundationxul.dllMD5=0B035EFE8C60D8587C4C4D0C5E219A0B,SHA256=4C39F07DAF9D94C93D6B986FBFC9E49D83C8D92634A604EF74B6C5A644AF971F,IMPHASH=15743E14CFF7B4E979D67C207A4DED47trueMozilla CorporationValid 354300x800000000000000072651Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.193{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56381- 354300x800000000000000072650Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.193{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64166- 354300x800000000000000072649Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.193{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63432- 354300x800000000000000072648Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.191{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57451- 354300x800000000000000072647Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.189{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54619- 354300x800000000000000072646Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.189{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56850- 354300x800000000000000072645Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.189{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54617- 354300x800000000000000072644Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.188{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62962- 354300x800000000000000072643Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.188{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56858- 354300x800000000000000072642Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.187{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63182- 354300x800000000000000072641Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.187{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54706- 22542200x800000000000000072640Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.063{8057F119-21D0-60EC-6307-00000000DB01}7172reddit.map.fastly.net0151.101.13.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000072639Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.063{8057F119-21D0-60EC-6307-00000000DB01}7172www.reddit.com0type: 5 reddit.map.fastly.net;::ffff:151.101.13.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000072638Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.060{8057F119-21D0-60EC-6307-00000000DB01}7172youtube-ui.l.google.com02a00:1450:4001:80e::200e;2a00:1450:4001:808::200e;2a00:1450:4001:80f::200e;2a00:1450:4001:810::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000072637Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.058{8057F119-21D0-60EC-6307-00000000DB01}7172youtube-ui.l.google.com0142.250.181.238;216.58.212.174;142.250.74.206;142.250.186.46;142.250.186.78;142.250.186.110;172.217.18.110;172.217.23.110;216.58.212.142;142.250.185.78;172.217.16.142;142.250.185.110;142.250.185.142;142.250.185.174;142.250.185.206;142.250.185.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000072636Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.057{8057F119-21D0-60EC-6307-00000000DB01}7172www.youtube.com0type: 5 youtube-ui.l.google.com;::ffff:142.250.185.238;::ffff:142.250.181.238;::ffff:216.58.212.174;::ffff:142.250.74.206;::ffff:142.250.186.46;::ffff:142.250.186.78;::ffff:142.250.186.110;::ffff:172.217.18.110;::ffff:172.217.23.110;::ffff:216.58.212.142;::ffff:142.250.185.78;::ffff:172.217.16.142;::ffff:142.250.185.110;::ffff:142.250.185.142;::ffff:142.250.185.174;::ffff:142.250.185.206;C:\Program Files\Mozilla Firefox\firefox.exe 354300x800000000000000072635Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.185{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54734- 354300x800000000000000072634Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:12.326{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63287-false10.0.1.12-8000- 23542300x800000000000000072633Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.043{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=11C7F6CD2DEDE6B0E2E4B18C565E4DFF,SHA256=797A5807602DC14B97D024FC7355A85927833E656A3D90E31E4D4A5D26ED9BFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072632Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.041{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A6696134F98842D1C6D710498F66B3C0,SHA256=97D2C1BB829A0BC81FBCCA4A1C93DCD6AA5CF05A8B61BCA686003CEAD2E08418,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072750Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.810{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64528- 354300x800000000000000072749Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.809{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local65294- 354300x800000000000000072748Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.808{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60737- 354300x800000000000000072747Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.807{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63291-false172.67.4.132-443https 354300x800000000000000072746Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.807{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64377- 23542300x800000000000000072745Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.824{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8411D16725D69FF2EEF5DBE1952182D7,SHA256=F6DDB3C97838477DC9230ED3A63BBB6AA5321AA4D4F7E4D8D3A2B2B81C14F58F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031943Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:15.434{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=092704C3DB393834CD37D0852A1FA402,SHA256=4A567585B0950202E25FEC0C74C8D792A56AAC5763860277E4AFBB0154206D2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072744Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.399{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072743Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.150{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072742Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.100{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072741Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.094{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072740Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.084{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072739Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.081{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072738Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.081{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072737Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.078{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000072736Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.350{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63289-false35.167.137.152ec2-35-167-137-152.us-west-2.compute.amazonaws.com443https 354300x800000000000000072735Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.209{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57251- 354300x800000000000000072734Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.206{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62450- 10341000x800000000000000072733Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.075{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072732Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.072{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072731Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.071{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072730Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.070{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+46bca03|UNKNOWN(00000059F97F3242) 22542200x800000000000000072729Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:13.079{8057F119-21D0-60EC-6307-00000000DB01}7172pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com052.42.129.205;44.235.28.153;34.216.131.110;52.27.200.224;44.226.235.191;44.239.250.14;44.239.125.99;35.167.137.152;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000072784Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.908{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072783Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.908{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072782Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.889{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072781Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.889{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072780Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.880{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072779Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.864{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072778Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.861{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072777Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.861{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072776Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.854{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072775Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.853{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072774Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.849{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072773Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.849{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072772Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.847{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D4-60EC-7007-00000000DB01}6928C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+46bca03|UNKNOWN(00000059F97F3242) 23542300x800000000000000072771Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.839{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5A3E7F8ADCD5DE2EFF52661FA11ADB2,SHA256=802DA209152F66108AD2E57BECA221E2E3BCFB548F26681653927DDB50B43197,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031944Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:16.669{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C8C344080B95B0D2EE53A5F8038B250,SHA256=D2F72958964A3DD7C6A4595086FD1CB34C197B709D8674B908A28D465DE917CA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072770Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.496{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072769Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.490{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072768Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.211{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072767Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.208{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072766Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.205{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072765Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.190{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072764Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.188{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072763Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.188{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072762Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.179{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072761Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.178{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072760Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.162{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072759Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.157{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072758Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.157{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072757Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:16.150{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21E0-60EC-7207-00000000DB01}6340C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+46bca03|UNKNOWN(00000059F97F3242) 354300x800000000000000072756Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.936{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63294-false104.22.15.187-443https 354300x800000000000000072755Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.816{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63292-false69.16.175.42hwcdn.net443https 354300x800000000000000072754Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.813{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local56145-false142.250.185.106fra16s49-in-f10.1e100.net443https 354300x800000000000000072753Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.810{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56144- 22542200x800000000000000072752Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.680{8057F119-21D0-60EC-6307-00000000DB01}7172cds.s5x3j6q5.hwcdn.net069.16.175.10;69.16.175.42;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000072751Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.680{8057F119-21D0-60EC-6307-00000000DB01}7172code.jquery.com0type: 5 cds.s5x3j6q5.hwcdn.net;::ffff:69.16.175.42;::ffff:69.16.175.10;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000031945Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:17.700{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8646D2D93B34D577245E76B3A55C364,SHA256=A054BB5018F83865348DF03573E8001D49901A8C102173D86684082E63CCE5AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072791Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:17.852{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB36D0DBC334107EAC8606C9D42D57BF,SHA256=F99C425D962FB60209F711863FECC22C807764A7DD46C40B0163F7A7AD940E80,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072790Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.008{8057F119-08A1-60EC-1400-00000000DB01}1076C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudpfalsefalse127.0.0.1-58448-false127.0.0.1-53domain 354300x800000000000000072789Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.005{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58448- 354300x800000000000000072788Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.005{8057F119-08A1-60EC-1400-00000000DB01}1076C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetrue7f00:1:2428:4c89:9870:4a9:a8:ffff-58448-true7f00:1:0:0:0:0:0:0-53domain 354300x800000000000000072787Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.985{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63296-false104.22.14.187-443https 354300x800000000000000072786Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.981{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59322- 354300x800000000000000072785Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:14.980{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local58448- 23542300x800000000000000031946Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:18.934{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B5FB7D867BC1B4C64B01CEFF7FD4D42,SHA256=BC6EA01B73B6224C8822AE94B28FE0DD2C1F3511E33A68CB29E63D2ACE66A1B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.864{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03187EBB8D83EA6AEDE0FAE88E5A8C98,SHA256=01EEE3093827495722EE34B026509656C4B5966C7108613AEF0586F12444C3CE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.808{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.803{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21E0-60EC-7207-00000000DB01}6340C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.533{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.518{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.494{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.484{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.483{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.477{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.461{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.451{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.450{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.442{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.442{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.437{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.437{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+46bca03|UNKNOWN(00000059F97F3242) 23542300x800000000000000072841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.423{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=155E0116D299B53C5113533C693AD4D5,SHA256=BF16FF8CF737B9D0BE7147A783BA7567C77AB5DA09F3481725ED3997A7E6B014,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.329{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.328{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.271{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.253{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.248{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.246{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.238{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.236{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.233{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.227{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.221{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.221{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.221{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.221{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.219{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.219{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D4-60EC-7007-00000000DB01}6928C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.209{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.200{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.197{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.196{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.188{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.188{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.186{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.184{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cabinet.dll5.00 (rs1_release.160715-1616)Microsoft® Cabinet File APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcabinet.dllMD5=08A4A2712DB2AE10E483FB74E46B0E73,SHA256=EEB32E3E4256CC9935227ACD5BA576B75F1F6FE3C818D2127513CB22F823FECB,IMPHASH=536E202FBC448C2C3B40D60D87620951trueMicrosoft WindowsValid 10341000x800000000000000072816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.179{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000072815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.178{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.176{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.173{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072812Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.164{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072811Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.160{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072810Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.150{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072809Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.146{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072808Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.142{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072807Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.137{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072806Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.134{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000072805Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.129{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072804Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.125{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072803Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.123{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072802Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.109{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000072801Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.104{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072800Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.093{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000072799Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:15.979{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local55704- 10341000x800000000000000072798Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.087{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072797Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.086{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072796Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.081{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072795Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.076{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072794Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.065{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072793Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.065{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072792Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.063{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000031948Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:19.966{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CE3DB18EEB2E03E763F1DBC0C4C845E,SHA256=D12BA0382693850482DD6547F148D5C1348876275019A952647C1C74A4250A67,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:19.934{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000072867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:19.934{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 23542300x800000000000000072866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:19.886{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E461199767E5BC9F4830CDDA5C3C06AC,SHA256=728283FA4D60D7B0BF7E30E7FE5D73608820B99D11CB5A4FF220D936816287A2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031947Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:16.554{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51557-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000072865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:19.807{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000072864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:19.807{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 10341000x800000000000000072863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:19.287{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:19.286{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:19.251{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\cabinet.dll5.00 (rs1_release.160715-1616)Microsoft® Cabinet File APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcabinet.dllMD5=08A4A2712DB2AE10E483FB74E46B0E73,SHA256=EEB32E3E4256CC9935227ACD5BA576B75F1F6FE3C818D2127513CB22F823FECB,IMPHASH=536E202FBC448C2C3B40D60D87620951trueMicrosoft WindowsValid 10341000x800000000000000072860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:19.245{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:19.244{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:19.083{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.902{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF737F67C336506B12E5D47D3406ED70,SHA256=FA9667F5642AFBFF4580950244E4085E4BE2EF828F53DC7B8EF1CF9DC541350E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.710{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.709{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.707{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.682{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.681{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.669{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000072883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.669{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 10341000x800000000000000072882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.663{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.655{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.650{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.648{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.648{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.642{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.637{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.631{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.630{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.629{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.627{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2BB4-60EC-4409-00000000DB01}7908C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000072871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.382{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f 10341000x800000000000000072870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:20.381{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 354300x800000000000000072869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:18.283{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63297-false10.0.1.12-8000- 23542300x800000000000000072891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:21.913{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48CDD43943C598D1EA937172372359FE,SHA256=77405927E5DB677C24C1CD5B816E72368BBD34FF037FA96E6ACD1B6AB75293BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031949Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:21.169{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20E5D7EE9C09125418C9FC660EA74CFD,SHA256=62B908F24E646FA4247F351AAFA74D4FFDC814CBAE906C2C14FD14541681A01B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.994{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.993{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.991{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=9E7A4A7085BF3AD338767D1FCA2488EA,SHA256=19A50D9E01AA79BD195F3715076C4E7A6359B879A7190F6D50F1847588947622,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.968{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.956{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.953{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.951{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.951{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.945{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.944{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.939{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.935{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.928{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.928{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.925{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2BB4-60EC-4409-00000000DB01}7908C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000072893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.921{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55948B969B0F3A44466C9C5074C18252,SHA256=52D189D6F02C60E9F64473852F41D2E5D181E61C3ADCF5CC6CDADC8BDB3A13D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031950Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:22.403{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FBE2A016344FF55682A94490BE50287,SHA256=FC263DFA34B27B3E1C9F15460C1F047B9A7B5ED8CF75F740E6D362C5AF338716,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:22.629{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2BB4-60EC-4409-00000000DB01}7908C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031966Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.747{50946567-2F4F-60EC-2105-00000000DC01}33642800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031965Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.575{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F4F-60EC-2105-00000000DC01}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031964Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.575{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031963Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.575{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031962Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.575{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031961Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.575{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031960Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.575{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031959Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.575{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031958Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.575{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031957Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.575{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031956Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.575{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031955Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.575{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-2F4F-60EC-2105-00000000DC01}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031954Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.575{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F4F-60EC-2105-00000000DC01}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031953Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.576{50946567-2F4F-60EC-2105-00000000DC01}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031952Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.419{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3D6DBDF3A6BBD6C508955CAFB702761,SHA256=129CEAEAFF4BE74DFF874EDADC7EA43E87A425ECD5ABBEC986DF1B2C8A3B7A42,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.474{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.454{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.452{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.451{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.325{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.318{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.306{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.303{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.302{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.299{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.293{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.286{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.285{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.282{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+46bca03|UNKNOWN(00000059F97F3242) 23542300x800000000000000031951Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:23.372{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=BC0972424FEC259B6732C08CD9B7F28F,SHA256=7F9AC57F00D28B6C2B10D187A0B601ED700C5038A22F650EF77D7634803B01FC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031996Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F50-60EC-2305-00000000DC01}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031995Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031994Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031993Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031992Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031991Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031990Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031989Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031988Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031987Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031986Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2F50-60EC-2305-00000000DC01}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031985Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F50-60EC-2305-00000000DC01}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031984Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.919{50946567-2F50-60EC-2305-00000000DC01}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031983Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.731{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8EE798E2A6092E2A18D9701BFB26ACE,SHA256=B76944037669FF7F05470AE45B0BAC813DDC64778E1DC06B5647AC3CE5418C21,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.990{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.990{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.981{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.977{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.976{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.865{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f 10341000x800000000000000072929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.864{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000072928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.810{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.407{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000072926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.406{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000072925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.374{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05 10341000x800000000000000072924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.374{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d 23542300x800000000000000072923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.054{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BC5C0BF9FC14FD088DC18763EA588CC,SHA256=F2370EE99D4731A9DE0698F923835C1A88730AB055390BF27D69F96723493CB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031982Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.637{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=24CAF5AF0DED0C9E96FAB0C61B101244,SHA256=CC4A6CA1CABC5845D47FF43CCFCF48C65797DC256578A51C665844712ECFF2BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031981Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.637{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AC520E28D4D6729374F3926D8A775732,SHA256=A8135730A510D138E6F2C3351BD98D5FD7065A71D9CD086F6586C429F1DC9FE8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031980Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.387{50946567-2F50-60EC-2205-00000000DC01}33563784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031979Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F50-60EC-2205-00000000DC01}3356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031978Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031977Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031976Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031975Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031974Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031973Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031972Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031971Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031970Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031969Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-2F50-60EC-2205-00000000DC01}3356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031968Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F50-60EC-2205-00000000DC01}3356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031967Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:24.247{50946567-2F50-60EC-2205-00000000DC01}3356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032015Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.934{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=24CAF5AF0DED0C9E96FAB0C61B101244,SHA256=CC4A6CA1CABC5845D47FF43CCFCF48C65797DC256578A51C665844712ECFF2BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032014Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.872{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CE7D10ECA3688D9BD39FAC05258260E,SHA256=0E9451D00ED8CB9BDF2170C7648E8205E739C5C7DD40E74CB889F4FC3EA0EFA3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032013Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.825{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A81-60EC-1300-00000000DC01}772C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032012Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.825{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A81-60EC-1300-00000000DC01}772C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032011Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.825{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A81-60EC-1300-00000000DC01}772C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000072952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.523{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63941- 354300x800000000000000072951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.522{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63299-false140.82.121.3lb-140-82-121-3-fra.github.com443https 354300x800000000000000072950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.520{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local65239- 354300x800000000000000072949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.519{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56170- 354300x800000000000000072948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.519{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62701- 22542200x800000000000000072947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.391{8057F119-21D0-60EC-6307-00000000DB01}7172github.githubassets.com0::ffff:185.199.108.154;::ffff:185.199.109.154;::ffff:185.199.110.154;::ffff:185.199.111.154;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000072946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.300{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.139{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.113{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000072943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:23.328{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63298-false10.0.1.12-8000- 10341000x800000000000000072942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.078{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.077{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.075{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.071{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=361CBAE1026D64AECEF627F6D34207B8,SHA256=429C512970AE2886751C48582C391BD0BAEB515EE8CE425988B68538920EC25C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.070{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.068{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032010Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F51-60EC-2405-00000000DC01}3912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032009Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032008Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032007Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032006Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032005Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032004Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032003Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032002Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032001Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032000Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-2F51-60EC-2405-00000000DC01}3912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031999Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F51-60EC-2405-00000000DC01}3912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031998Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:25.591{50946567-2F51-60EC-2405-00000000DC01}3912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000031997Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:22.382{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51558-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000072936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.006{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:26.989{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:26.989{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:26.968{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:26.958{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000072973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:26.958{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 23542300x800000000000000072972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:26.937{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\permissions.sqlite-journalMD5=9E2411441700A3E2F03C202539041C6B,SHA256=2332C45ECA09A81312708201A4D4E67C7B11C6AFAFDD9EE9D91BF9622322D899,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:26.923{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000072970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:26.922{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000032029Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.231{50946567-2F52-60EC-2505-00000000DC01}26722712C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:26.795{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000072968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:26.795{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 22542200x800000000000000072967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.395{8057F119-21D0-60EC-6307-00000000DB01}7172analytics-collector-28944298.us-east-1.elb.amazonaws.com0100.26.82.72;3.224.104.154;3.215.161.145;52.201.0.254;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000032028Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.091{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F52-60EC-2505-00000000DC01}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032027Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.091{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x800000000000000072966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.394{8057F119-21D0-60EC-6307-00000000DB01}7172collector.githubapp.com0type: 5 analytics-collector-28944298.us-east-1.elb.amazonaws.com;::ffff:52.201.0.254;::ffff:100.26.82.72;::ffff:3.224.104.154;::ffff:3.215.161.145;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000032026Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.091{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032025Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.091{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x800000000000000072965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.394{8057F119-21D0-60EC-6307-00000000DB01}7172avatars.githubusercontent.com0185.199.110.133;185.199.111.133;185.199.108.133;185.199.109.133;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000072964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.393{8057F119-21D0-60EC-6307-00000000DB01}7172github.githubassets.com0185.199.109.154;185.199.110.154;185.199.111.154;185.199.108.154;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000072963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.392{8057F119-21D0-60EC-6307-00000000DB01}7172avatars.githubusercontent.com0::ffff:185.199.109.133;::ffff:185.199.110.133;::ffff:185.199.111.133;::ffff:185.199.108.133;C:\Program Files\Mozilla Firefox\firefox.exe 354300x800000000000000072962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.271{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61341- 10341000x800000000000000032024Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.091{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000072961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.196{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63306-false185.199.109.154cdn-185-199-109-154.github.com443https 354300x800000000000000072960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.126{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63305-false10.0.1.12-8089- 354300x800000000000000072959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.095{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63304-false185.199.109.154cdn-185-199-109-154.github.com443https 354300x800000000000000072958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.937{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63303-false185.199.108.133cdn-185-199-108-133.github.com443https 354300x800000000000000072957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.932{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63302-false185.199.109.154cdn-185-199-109-154.github.com443https 10341000x800000000000000032023Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.091{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000072956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.920{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63301-false185.199.109.154cdn-185-199-109-154.github.com443https 10341000x800000000000000032022Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.091{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000072955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.913{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63300-false185.199.109.154cdn-185-199-109-154.github.com443https 10341000x800000000000000032021Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.091{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032020Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.091{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032019Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.091{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000072954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:24.524{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local65348- 23542300x800000000000000072953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:26.089{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E9FF19571611605536E08B7AF68DEB5,SHA256=D8E482BF315909BF68E7E41E4E63881FE8539AA3C0B36A0A67A611EBB95BC900,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032018Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.091{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-2F52-60EC-2505-00000000DC01}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032017Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.091{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F52-60EC-2505-00000000DC01}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032016Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:26.092{50946567-2F52-60EC-2505-00000000DC01}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032031Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:27.106{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2D9F61CF46DBB0C584E3D5B8156A7525,SHA256=3991FEAF957F746CD41853BB1A0F2E5BCD94919600B4104F9F289BBD4D9450EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032030Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:27.075{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AE2DF17070D94D8A5DF8B299DBD89E4,SHA256=ED0161390463D8585939655D51FF23AD35A2E49715B12B67999992A41E7C176F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:27.340{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000072986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:27.340{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000072985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:27.244{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000072984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:27.244{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 10341000x800000000000000072983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:27.187{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:27.186{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:27.177{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:27.172{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:27.104{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CED915CFE7F18AA31CC2AD111E4C0A6,SHA256=22D4907C7ECE6C5FD22C9B300570DC3205C8DE2E8FB64BD298976FE1CBAA4DFF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:27.021{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032059Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.903{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F54-60EC-2705-00000000DC01}2068C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032058Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.903{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032057Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.903{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032056Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.903{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032055Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.903{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032054Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.903{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032053Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.903{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032052Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.903{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032051Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.903{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032050Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.903{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032049Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.903{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-2F54-60EC-2705-00000000DC01}2068C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032048Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.903{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F54-60EC-2705-00000000DC01}2068C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032047Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.904{50946567-2F54-60EC-2705-00000000DC01}2068C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032046Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.403{50946567-2F54-60EC-2605-00000000DC01}29603128C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032045Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.231{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F54-60EC-2605-00000000DC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032044Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.231{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032043Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.231{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032042Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.231{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032041Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.231{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032040Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.231{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032039Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.231{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032038Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.231{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032037Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.231{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032036Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.231{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-2F54-60EC-2605-00000000DC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032035Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.231{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032034Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.231{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F54-60EC-2605-00000000DC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032033Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.232{50946567-2F54-60EC-2605-00000000DC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032032Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:28.169{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE739CA51F7A519239AA447B8F7CC27B,SHA256=2903797E9CF06A0D4969257C7784FA6D33041E3285347B4AF011C98E6D908BC1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.684{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede 10341000x800000000000000073009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.684{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 10341000x800000000000000073008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.647{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000073007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.647{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000073006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.587{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.555{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.553{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000073003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.552{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 10341000x800000000000000073002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.530{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.527{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.524{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.524{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.503{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.499{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.496{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.495{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.303{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.300{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000072992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.300{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 10341000x800000000000000072991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.279{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000072990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.338{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63307-false3.224.104.154ec2-3-224-104-154.compute-1.amazonaws.com443https 354300x800000000000000072989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:25.275{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63308-false140.82.121.6lb-140-82-121-6-fra.github.com443https 23542300x800000000000000072988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:28.111{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=339DD7EA79B55800A4398B072844635A,SHA256=EF47C686FC5C189E5ACD3B344DDB30B7AD25CB7ABFB2EFDA136051871211D630,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032061Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:29.387{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=201650B241DE2A053086C84F918616B4,SHA256=B13AC551848C3505D50FF6693F8EB5B119481CFEEE9DE4C2D752081D16D78DE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032060Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:29.387{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=83D6BBCD7AF428E251217D1922E677EF,SHA256=44871E77E03717D74FD610A31262E3D301F0FDA25AF122821F53DDEC2E405BFB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.860{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.829{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.829{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.804{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.797{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000073018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.797{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 10341000x800000000000000073017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.763{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000073016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.763{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000073015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.635{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000073014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.635{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 23542300x800000000000000073013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.383{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\cache2\doomed\8081MD5=3D874CB9320DE03C0089699A312018CE,SHA256=77AFEC6BC0736D9F581B9377BC220A0704DD815FE60A412EF01B20185339AF08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.382{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\cache2\doomed\16183MD5=5123BCFAFE93B40AFA2D2B6EC55C8680,SHA256=66275FF620150294B292B610A1EDECF7BD0EFBF4656E28EFD037691BBE246362,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.130{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B95F559DD111ABAC55609AD000E86C11,SHA256=20276B8B846ACB9E444BC34DA9F2A03B29647B702023C9A85F0D050DED5914AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032063Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:30.434{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D513AA2F217BC64976DA1D9DFD3D6DD1,SHA256=DE4D61D11620FCAAAAFA868FBFAF1F0DD0BE9CF95392ED28BE0556ABDDB1B6F3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:30.339{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:30.308{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:30.140{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F29879749D91478247CE27C7B90DA14,SHA256=90A26A602D3FF1326FE78C6EDF013515E935A5BFAF8FAFEF2CE28BFA8AA7B720,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032062Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:27.586{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51559-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000073027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:30.056{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:30.056{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:30.044{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:30.038{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032064Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:31.528{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEB854D2D3F0FE882A0CB1A4944567F6,SHA256=7FB7293B7A7BF4C1DE2ACF2253B5BB820C338D0D7BF5A49DFAEBF857BA241478,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:31.145{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B599981801A522D8C0B428CCECDF4D87,SHA256=942C319DDE11D02C113752714728455840EFF866DC97A1D837F5515E1A682E31,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:29.324{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63309-false10.0.1.12-8000- 23542300x800000000000000032065Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:32.575{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93DA5ADEB32F5DED7C928C5B56B9583D,SHA256=8B8A24BE79AAC6ADCBA72821DFFCB0BB2551BB00D5E078720B69684600676204,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:32.149{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=305905AC1744BEC0552C5364F9C94296,SHA256=5F1B3A1957CA8FE0C0BDC83D9C4B20338D38C5EED7EC00CC1A9EC08A877F86A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032066Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:33.797{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FE01D3BD9FDAB659DD5E3B9ADF0C911,SHA256=B7731DF3AC5E08E20902C6933CA3A7533253F148F54C8C28A99D6E8C3FB8A6CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.156{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3750381E0909E327366FA48C0EC93C1,SHA256=4FE40B71A6906E55F5210A0F6AD953F937203A5D7DEC1DD4E43DAE86F7F8E92A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032067Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:34.828{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86CB0557DA6E5696546C88C260A299A9,SHA256=498C62EE40501C26635CCBD74F1E4BC019A59F8BB52277739FA6283B182542BF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.639{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local49406- 354300x800000000000000073068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.637{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local65481- 354300x800000000000000073067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.637{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63830- 354300x800000000000000073066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.636{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local64511- 354300x800000000000000073065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.630{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57752- 354300x800000000000000073064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.629{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local58535- 354300x800000000000000073063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.628{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64766- 354300x800000000000000073062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.626{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64970- 354300x800000000000000073061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.625{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local58630- 354300x800000000000000073060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.624{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local58241- 354300x800000000000000073059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.623{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local59362- 354300x800000000000000073058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.622{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local63499- 354300x800000000000000073057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.621{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64890- 354300x800000000000000073056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.620{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62174- 354300x800000000000000073055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.620{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62341- 354300x800000000000000073054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.619{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local55828- 354300x800000000000000073053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.618{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64894- 354300x800000000000000073052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.618{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59891- 354300x800000000000000073051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.617{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local54716- 354300x800000000000000073050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.616{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56794- 354300x800000000000000073049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.615{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local56498- 354300x800000000000000073048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.614{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63052- 354300x800000000000000073047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.613{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local54316- 354300x800000000000000073046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.613{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local65481- 354300x800000000000000073045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.611{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local59634- 354300x800000000000000073044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.611{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-89.attackrange.local59634-false10.0.1.14win-dc-89.attackrange.local53domain 354300x800000000000000073043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.611{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54733- 354300x800000000000000073042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.611{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMudptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54733-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domain 354300x800000000000000073041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.603{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63311-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local49666- 354300x800000000000000073040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.603{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63311-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local49666- 354300x800000000000000073039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.602{8057F119-08A1-60EC-0D00-00000000DB01}896C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63310-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local135epmap 354300x800000000000000073038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.602{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63310-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local135epmap 23542300x800000000000000073037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:34.487{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8F2779A2FBB58F24C45EEDF29A3D1CAF,SHA256=AE006B7DA8683A56796CA1CB3D5C354DEFDACE0A536E2EC8FF0CCBAFAF90CE1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:34.486{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=11C7F6CD2DEDE6B0E2E4B18C565E4DFF,SHA256=797A5807602DC14B97D024FC7355A85927833E656A3D90E31E4D4A5D26ED9BFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:34.161{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16DBF0E9E51C88FB3FFC942F1A1B65FC,SHA256=23ED3EAE7877D7B2FCAA70A088594C9FD323151DCCE3F5C708BB3B6ACE16BF59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032069Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:35.844{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E2ED48DC5BC8387299A7B393B899955,SHA256=D521FB9FC304EB29D6DC798D6485706B353CBB7D8B9DAD4CC5ED283C74835BBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:35.523{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4FCFC8EF82013A105AB92E0AACDBD1A,SHA256=B4F6DC9178686D9F698D2FDA16836A63964087B5F2B4393BEBCE23AE6E5FEA41,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032068Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:33.417{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51560-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000073078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.651{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64020- 354300x800000000000000073077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.649{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local54843- 354300x800000000000000073076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.648{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64488- 354300x800000000000000073075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.646{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56240- 354300x800000000000000073074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.645{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local64083- 354300x800000000000000073073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.645{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62539- 354300x800000000000000073072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.644{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local59525- 354300x800000000000000073071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.642{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local65298- 354300x800000000000000073070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.642{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56322- 23542300x800000000000000032070Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:36.859{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C96F6C7F75AFFE16BD675424237D806D,SHA256=AEA5E3DE27F54B4CCECE08E4758EE62F475954B884C3975AAE5829191E731ADE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:36.531{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BCB3B989836DBC687B84AAD19D6F586,SHA256=5320EB31861435EF8E54E7171FBF7574CA92292B4E3C4A3A434B83C79156F8B1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.654{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-89.attackrange.local53domainfalse10.0.1.14win-dc-89.attackrange.local56856- 354300x800000000000000073080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:33.653{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local55467- 23542300x800000000000000032071Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:37.875{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B63E50CA41E06AB6F933C9FA0D1C25AF,SHA256=0DE9EE182A76E84C9165D7799F8C4A0A0205F13F9C7CFD8AA11781D2F37C13BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:37.537{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FD16B733573810452676EA3B8F9ED54,SHA256=AC0E866E93E1894A9E1AC72BA0FCC883D14B10B51E8DBC5B2F435374F94BDF3D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:35.226{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63312-false10.0.1.12-8000- 23542300x800000000000000032072Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:38.891{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=910828B82E6005A34CC608D046864694,SHA256=7615ECD6445CCE2EDCD2B23716ABB2D7794DEB0C3B04E6FB49BB2C7B7C12D83C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:38.557{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB06AEAFBBCD65F1FB017B25E561681E,SHA256=21898809EFD0830C5B1A07C9637E8C3C83B6A307597548646A797E56AB3DB4EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032073Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:39.906{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AAF77F429ECC36BE1461A18C3C0B717,SHA256=9FB293FF6CD4807E313CCEE899EB44BCC996842EDD74ED40216D3E563F723275,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:39.573{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F9F409045A540B0C8FA3E74E85387A6,SHA256=69FAA566596E8C9065204E0BAD389102A1FFD437BB84F74F893B756D0CC86E5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032075Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:40.922{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67F2AE916BF492505F2DD9DA17463678,SHA256=E23C4FC9CFC3FBD74AA5639A85EA8A67319D4766777FC7CB522764EB9F34BCCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:40.590{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75796F8A39067FE3AC4945B98036B758,SHA256=EFC008B0C3253924CA64DDD149430ED31CB81C51FCEE2060E08770569E6805ED,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032074Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:38.558{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51561-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032076Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:41.938{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6DD51617753DB0A3DEC0659437F09E6,SHA256=91116B12B1D5BC02C6F2D162EF2F4017D10A4042E4FB3ABBEACB730707A2E918,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:41.616{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36B66C7A9937959412CA575CD2B620A1,SHA256=F76FB34E3BB510C2828C1AC96AEA02D6263BA85CE71DD67A703AC95DD9E98C4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032077Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:42.953{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F54BCF11F430EBF51C907988B085B7BC,SHA256=0DDAA770C823579B283D50280D15DD1A6531A722CC9E983DDCBAACACCDA56A0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:42.621{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01FB92BFBE29D16F3F6EAD4CC3FAE873,SHA256=AB5E86F8773CF7C76F96B94DA71E2EB65F8EFA82A7317434C5615D9D0458728A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:42.396{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-2DF7-60EC-C009-00000000DB01}5288C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:42.396{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-2DF7-60EC-C009-00000000DB01}5288C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:42.396{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-2DF7-60EC-C009-00000000DB01}5288C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000073089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:40.322{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63313-false10.0.1.12-8000- 23542300x800000000000000032078Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:43.969{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=772309EA23F092E2159E765AA573B90D,SHA256=121CDB848094295F63DA3D9970F0D3690ED6187701E10DB71C43DBEF56771636,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:43.639{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D177E058B72F8C771A5D740ED533B056,SHA256=E33A8BF27794175C7DA5328C2B0821D4082EAD52B03CD5AF4C1389DEE16AE4E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032079Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:44.984{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB850D2A843796A16CDD0DC127D243F9,SHA256=870321CFBE9B89D00E6E18C9D9B26DD13D0B97AE3697C167AA9CCF077FA88D3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:44.643{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABF50BF90AFE086F78F723E8962EEBDA,SHA256=418C590551C3478A3E11F4661F9613C221FFC0F49FABB389E1E167FB55F6052E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:45.665{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E4197A52111211F7ECB99055F0D316B,SHA256=AA9E4C7B8EE2D28FD2B99C1A445EDF482E8BA144E831F817B40E21CEC477472E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:45.364{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63314-false10.0.1.12-8000- 23542300x800000000000000073200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.864{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C939A1A756092FE7BD85606B47240877,SHA256=5E84387650EAA6D68BA10995FBD91FA53608AA76A981DECACD248F103D8AD552,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000073199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.749{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000073198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.749{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000073197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.749{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000073196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.749{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000073195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.749{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000073194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.749{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000073193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.749{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000073192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.749{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000073191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.749{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000073190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.743{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000073189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.743{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000073188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.743{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000073187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.743{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000073186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.742{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000073185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.742{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000073184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.742{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000073183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.742{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000073182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000073181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000073180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000073179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000073178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000073177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000073176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000073175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000073174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000073173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000073172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000073171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000073170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000073169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000073168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000073167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000073166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000073165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000073163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000073161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000073160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000073158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.727{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.728{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032080Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:46.000{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87234559EC92A06EFF7A56028466FBB0,SHA256=650F3AF8681A2D8D3C7E194FCAA83C6B1471E91B8BB41746FE8C6133B0B2CC83,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000073151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.248{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000073150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.248{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000073149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.248{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000073148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000073147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000073146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.064{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000073145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.064{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000073144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.064{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000073143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.064{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000073142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.064{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000073141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.064{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000073140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.064{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000073139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.064{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000073138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000073137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000073136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000073135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000073134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000073133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000073132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000073131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000073130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000073129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000073128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000073127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000073126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000073125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000073124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000073123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000073122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000073121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000073119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000073118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000073117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000073116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000073115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000073114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000073113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000073112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000073111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000073110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000073109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.049{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x800000000000000073108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.048{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.048{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000073106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.047{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000073105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.047{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.046{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000073103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.046{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.046{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.046{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.046{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.046{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.045{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.044{8057F119-2F66-60EC-EF09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.880{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDBBC5FA47E05F04C5CF2EB749EC2E34,SHA256=8DA5E91FCFD4423871F7C032A5C72C145C5BEE565F8A0F33B9A16CBB2EC7E436,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032082Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:44.417{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51562-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032081Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:47.016{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B9F717BCF74E869194F5A7C4CAB9DEE,SHA256=C483A6F7D814FBB0C7D99226F0E3555C8AFD941CAE65DD7F6E85B482E928E4D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.680{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1CC243537CDBB96395679306B873B33,SHA256=D852C3AA90644FB384D59C2209174328B543828C520B2FA716C51CC8B42F12A2,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000073257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.664{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000073256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.664{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000073255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.664{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000073254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.427{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000073253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.427{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000073252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.427{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000073251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.427{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000073250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.427{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000073249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.427{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000073248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.427{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000073247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.427{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000073246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000073245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000073244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000073243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000073242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000073241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000073240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000073239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000073238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000073237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000073236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000073234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000073233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000073232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.411{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000073231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000073230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000073229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000073228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000073227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000073226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000073225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000073224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000073223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000073222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000073221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000073220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 10341000x800000000000000073219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000073214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000073212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000073211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000073209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.395{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.397{8057F119-2F67-60EC-F109-00000000DB01}10180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.064{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1CDABE477537F56533769C42AA54CB47,SHA256=E3E29AB1B5CBF6BDB2FD2983871855F3ABAAEDB85CDEBA3EA86487D0A65FC74D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:47.064{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8F2779A2FBB58F24C45EEDF29A3D1CAF,SHA256=AE006B7DA8683A56796CA1CB3D5C354DEFDACE0A536E2EC8FF0CCBAFAF90CE1B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.996{8057F119-2F66-60EC-F009-00000000DB01}87365056C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.996{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000073202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:46.996{8057F119-2F66-60EC-F009-00000000DB01}8736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000073261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:48.880{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EB1F8D276C846DD43C0F0CC46E59D80,SHA256=F140774C6025B268258E4D43423CC2B1638038187A25E9162EC43E88B31E43F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032083Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:48.016{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02137A70CA43CE6DE397F4ABF1CD1142,SHA256=B47E2D184AE85749DA1912FF6C831AAF2393B58BCF9C1CEB7AEBC3772B49859F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:48.396{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1CDABE477537F56533769C42AA54CB47,SHA256=E3E29AB1B5CBF6BDB2FD2983871855F3ABAAEDB85CDEBA3EA86487D0A65FC74D,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000073317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.668{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000073316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.668{8057F119-2F69-60EC-F209-00000000DB01}24164604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.668{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000073314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.668{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x800000000000000073313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.549{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1549f7|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000073312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.549{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+154962|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000073311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.549{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f 10341000x800000000000000073310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.549{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 23542300x800000000000000073309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.549{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF979646.TMPMD5=63DB820E40DEE151E06A16DA8025FB39,SHA256=CA1203CD054940171195A401EC651D0BD1F09A23CDA9BF1AC36439D84FAB463F,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000073308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.396{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000073307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.396{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000073306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.396{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000073305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.380{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000073304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.380{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000073303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.380{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000073302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.380{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000073301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.380{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000073300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.380{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000073299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.380{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000073298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000073297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000073296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000073295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000073294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000073292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000073291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000073290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000073289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000073288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000073287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000073286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000073285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000073284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000073283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000073282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000073281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000073280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000073279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000073278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000073277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000073276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000073275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000073274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000073273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000073271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000073270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000073268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.365{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.366{8057F119-2F69-60EC-F209-00000000DB01}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032084Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:49.031{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94AE3FE952345DFF72CFA9A07960C292,SHA256=D4F245CC35968E7E33E5BAE954D4D05F94C21509EC4ACDEC3307A92C0A4BFBDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032085Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:50.031{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AA1CA4D44741C16E875E7B5D850CE1A,SHA256=0431140E06CBD673A8768DDA1D5C47E83937DD7D9030EF158F430E35E40A46EA,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000073424Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.931{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000073423Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.931{8057F119-2F6A-60EC-F409-00000000DB01}100086764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073422Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.931{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000073421Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.931{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000073420Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.849{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=734CF834F19901FA055F4A30B489174B,SHA256=1692E8C63B559DA97E712922169F3D26C7644C9B9184D22B89564FBE79016034,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000073419Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.731{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000073418Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.731{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000073417Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.731{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000073416Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.731{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000073415Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.716{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000073414Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.716{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000073413Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.716{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000073412Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.716{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000073411Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.716{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000073410Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.716{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000073409Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000073408Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000073407Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000073406Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000073405Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000073404Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000073403Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073402Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000073401Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000073400Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000073399Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000073398Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000073397Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000073396Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000073395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000073394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000073393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000073392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000073391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000073390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000073389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000073388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000073387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000073386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000073385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000073384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000073382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000073381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000073379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.700{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.701{8057F119-2F6A-60EC-F409-00000000DB01}10008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000073372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.530{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.368{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=106C3BAA881A312A612EC8E05F93CEFA,SHA256=F1336AB24F5E37980769CDED860FA469188D4545D612502FCCEF2F7561CC03EF,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000073370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.268{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000073369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.268{8057F119-2F6A-60EC-F309-00000000DB01}94288776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.268{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000073367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.268{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000073366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.183{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47A630CE9A22403E050C4E7DF67A8176,SHA256=D06FA3486F2DA3D13071174680B367A5C6AD234A538F14DC60D5449BF7DC6AAB,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000073365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.051{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000073364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.051{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000073363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.051{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000073362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.051{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000073361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.051{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000073360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.051{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000073359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.051{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000073358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.051{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000073357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000073356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000073355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000073354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000073353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000073352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000073351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000073350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000073349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000073347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000073346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000073345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000073344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000073343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000073342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000073341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000073340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000073339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000073338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000073337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000073336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000073335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000073334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000073333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000073332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000073331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000073330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000073329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000073327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000073326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000073324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000073322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.030{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:50.031{8057F119-2F6A-60EC-F309-00000000DB01}9428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032086Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:51.047{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF1A4EC50117A26B99AD7CD6F0233702,SHA256=1E176C8F85EA0E4541B84BFFD767043BE99F875581C11B6FED08B14761496A27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073428Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:51.701{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=182198AA1161B9BFE2870EC35F29B561,SHA256=0249E4DFADB097B50AB242D9B189F5323056E37EC41A353F6BA273E53B0CAA10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073427Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:51.186{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=352688E11FFA116AC01DE6C8D0EF4B8B,SHA256=F544D41835CA0DB43142EAE7C1996123974E8A2B62F854C6C35C18BFB02CF42B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073426Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.835{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63315-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000073425Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:49.835{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63315-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 10341000x800000000000000073432Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:52.500{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1500-00000000DB01}1192C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073431Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:52.500{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1500-00000000DB01}1192C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073430Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:52.500{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1500-00000000DB01}1192C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073429Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:52.169{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59699EBF08E7A06C5DEB641F0E4205E8,SHA256=E66B6232D480173817B07B8360013A41B02A9E22EC40D167604DE44B038DB12B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032087Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:52.063{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1506AFFFB87F9DC6DFAB52774701C03A,SHA256=D671D4FA6C12251A4D4FDEB61D615CD69A7196E0B50BB1F5C7BE1410E074460C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073485Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.631{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0EBCA0E9671B2B75F67BAC4CA62CCDE,SHA256=67BA5856E32DC83A2E7D1B33DA46ED8062E5B6F1593243EB92360C011D27BDCB,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000073484Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.443{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000073483Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.442{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000073482Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.441{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 354300x800000000000000073481Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:51.384{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63316-false10.0.1.12-8000- 354300x800000000000000032089Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:49.526{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51563-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032088Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:53.078{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84B81C016ED11D0DD0C9C4BAEED2ADE4,SHA256=6AD7ACF0BF168E8F3C74CDE653DBF22F535B5110D71A1CC50674E6C50BA669A5,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000073480Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.168{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000073479Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.168{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000073478Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.168{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000073477Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.168{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000073476Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.168{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000073475Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.168{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000073474Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.168{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000073473Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000073472Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000073471Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000073470Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000073469Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000073468Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000073467Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000073466Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000073465Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000073464Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000073463Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000073462Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000073461Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000073460Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000073459Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000073458Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000073457Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000073456Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000073455Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000073454Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000073453Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000073452Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000073451Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000073450Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000073449Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000073448Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000073447Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000073446Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073445Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000073444Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.153{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073443Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.152{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000073442Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.151{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000073441Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.151{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000073440Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.151{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073439Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.151{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073438Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.151{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000073437Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.150{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073436Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.150{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073435Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.150{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073434Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.149{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073433Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:53.147{8057F119-2F6D-60EC-F509-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073487Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:54.215{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51766E5E90794C290F8D94049D9DAB39,SHA256=2FB425A7BEDA3C02DE4EEDDDB61F12BE1A090EF994A5F70A54A731B380E332DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032090Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:54.079{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB2AE0D07B2F92A5D569B9CA3C934C09,SHA256=1DE6B9A1F4E72D07F2D2E97A8BD1D1A88843EC4755A0F7EE3F65BD67F69AF3CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073486Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:54.168{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A8873172BEF664FD5DFBC025F89DE8B3,SHA256=5FAA2D45399BAECD94ED73365BECA69F0EDA91FD62E0D3D4600296E7E1C4118C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073488Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:55.230{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=657523AC4FE60FDD16C65D1AFD5CE4F6,SHA256=F1461A62C0998D8EFF67E96D6DB1C4548DE713B8014B237250FD76684C54F875,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032091Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:55.095{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4F4F069DD015D100EF5A00AEDBC2249,SHA256=AE8939DE7CC0A77C0509E3AAC31136C6D175FC3AD7A45B59E8221EA0DD934C39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073489Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:56.231{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CE2B81FECBB4AE73C81073B02A63388,SHA256=0EFAB129831E2C5ECA7F64249B37B05D3AB620452D8EC69B417FDFFC88ACA013,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032092Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:56.110{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B725F76D78B30103BDE39C59E76C5989,SHA256=E068540A1061AB2CB762E37A9F30A88E824D0651C07B01EF2C0543866B87338C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032093Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:57.126{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC087E19028F2C6247E5CE570322055C,SHA256=0CFA8E5E2C0268947136F581F8F2E06F16A9CDCD7EE022897ED4EEA03A49B353,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073497Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:57.251{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=755963B6A62D50CBF9236A16961324A4,SHA256=A767BF62EC78C73D810F77BE1B7147C1328E1BA4332C26132ABB522713006376,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073496Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:57.148{8057F119-21BD-60EC-4B07-00000000DB01}58806200C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B409-00000000DB01}8628C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073495Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:57.148{8057F119-21BD-60EC-4B07-00000000DB01}58806200C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B409-00000000DB01}8628C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073494Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:57.147{8057F119-21BD-60EC-4B07-00000000DB01}58806200C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B409-00000000DB01}8628C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073493Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:57.130{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B509-00000000DB01}9916C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073492Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:57.130{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B509-00000000DB01}9916C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073491Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:57.130{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B509-00000000DB01}9916C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073490Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:57.130{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B509-00000000DB01}9916C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032095Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:58.376{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88E8F19024D9938C113C6BCC3EDA3D07,SHA256=FD9E485E927C802230A118B426A5B60DE5248E2B1D461DE732BC26A65AD931F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073571Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.266{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D4AC6996A1049C0CC5AA8EF5137050A,SHA256=6ED81152D3D5DF27F930E99E8A30B920AE23E14B89309C0349FD33F3863462B5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032094Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:55.480{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51564-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000073570Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.213{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6382062A29493E9180B9A4DCEAB39F7B,SHA256=C3ED31C81E06AEE191EDC22CA391CEDAB85AF63DAF788323A55DBBD593700757,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073569Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073568Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073567Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073566Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073565Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073564Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073563Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073562Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073561Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073560Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073559Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073558Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073557Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073556Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073555Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073554Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073553Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073552Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073551Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073550Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073549Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073548Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073547Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073546Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073545Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073544Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073543Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073542Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073541Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073540Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073539Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073538Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073537Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073536Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073535Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073534Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073533Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073532Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073531Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073530Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073529Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073528Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073527Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073526Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073525Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073524Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073523Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073522Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073521Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073520Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073519Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073518Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073517Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073516Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073515Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073514Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073513Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073512Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073511Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073510Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073509Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073508Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073507Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073506Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073505Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073504Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073503Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073502Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073501Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073500Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073499Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073498Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:58.082{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032096Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:59.501{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21B6590523BD0D9772B8D0C430954894,SHA256=9FE1879348F9AB166000395206462350F76225C797AA399F4F58B3A7BBF02650,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073573Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:59.281{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=926365BC85AA0D30C9F8008E0AFA498F,SHA256=51C3C8B7AA6F5DDE3CC0D4DCA39919C1C987900978910FFA278C970C181FF14D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073572Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:57.381{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63317-false10.0.1.12-8000- 23542300x800000000000000032097Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:00.674{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D186B6901709A6779DBDCE7593B32EA3,SHA256=3746FB0E9F9606B5642B36FBBA223290602899F0C092B611AFC3882C89942F61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073574Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:00.301{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D3965D3E7484928B339C8375A4A31ED,SHA256=890E43DC78295B1F993AB641278A52090D26EBD7458D6D3E7C28E4CEA94BA7D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032098Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:01.723{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DA36EC3C3F2B3DC486C1C748D24DF28,SHA256=EE24AC87B7DDEE2F30622E4D5AF3E5520F6B7823A6BC1793552F8ED6228BE053,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073582Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:01.517{8057F119-21BD-60EC-4B07-00000000DB01}58806200C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B409-00000000DB01}8628C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073581Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:01.517{8057F119-21BD-60EC-4B07-00000000DB01}58806200C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B409-00000000DB01}8628C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073580Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:01.517{8057F119-21BD-60EC-4B07-00000000DB01}58806200C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B409-00000000DB01}8628C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073579Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:01.501{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B509-00000000DB01}9916C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073578Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:01.501{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B509-00000000DB01}9916C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073577Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:01.501{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B509-00000000DB01}9916C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073576Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:01.501{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B509-00000000DB01}9916C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073575Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:01.316{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AE6CD99509468C12F34CF6C72FCAF19,SHA256=363CBC0510D5F64AFBD6F2E97032ACAA01C056A3C64EF613B4B2793EB836D85E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032099Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:02.756{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5395BC74547E8A41A29806A4602CBE80,SHA256=2008AA2922FB17895A50F46992872A6A2CC625DD76217C315329E78BCBD74C05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073583Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:02.316{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E5008EABDDB504C572597DC9743318C,SHA256=000F68AFAB327FFFF0087574188CA27A4E7C34D673D31C89DB3B9D91FA520F61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032102Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:03.881{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=447471DA2B8D9736C8345998962BC316,SHA256=ABECA4CB1C359C3A9BDEB6BAB3C9F3658E5DA4B8E98C884D1C63F0C1327E7F60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073584Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:03.349{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50A3C374F986FAB1671493AA1EF3C9E3,SHA256=87EEF147BBA9A0E6289F2FF1B3779BBDA934055478890B70C6187AA01D38EE4D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032101Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:00.483{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51565-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032100Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:03.069{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073586Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:04.368{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90D87CC399798E3069737A8A7A8D4D48,SHA256=470D3FE2C903C3059F265E57123C73FBA581599469AA351657AF901A0CB71B4D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073585Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:03.282{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63318-false10.0.1.12-8000- 354300x800000000000000032103Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:02.407{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51566-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000073587Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:05.382{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC797A8EF5E48B1B389D9EFFA5C2853F,SHA256=996457B1C7FA2A4908AA14DCC9F6A9A47FD66482C97F3E261111B5DC6B2AC90D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032104Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:05.100{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F281A23D67B4EB1056428A2CA26885A,SHA256=D0B56B54858A4548D146865F258A0799255B380A7580B551DFFD37BB98061DD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073588Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:06.397{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6E600BA962318BC70F3A709876B6B1C,SHA256=21EBAC1AD7BDCE4EE20AE60C0C9CB48488DB540FBA2BCEA20BE82027C64D8D83,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032106Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:04.469{50946567-0A81-60EC-1100-00000000DC01}972C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruetruefe80:0:0:0:2c0c:3cc4:f5ff:fef0win-host-439546dhcpv6-clienttrueff02:0:0:0:0:0:1:2-547dhcpv6-server 23542300x800000000000000032105Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:06.194{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=831D767713DD6D827244C737810FD047,SHA256=8B1EB8A3ACB5B7EFD6665D4C443C0E79F041BD69CD655E9F540697CB4F493B07,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000073604Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:03:07.981{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\2F5B0B75-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_2F5B0B75-0000-0000-0000-100000000000.XML 13241300x800000000000000073603Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:03:07.981{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\A48E1583-94F8-4700-B651-E79BB21ACBC2\Config SourceDWORD (0x00000001) 13241300x800000000000000073602Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:03:07.981{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\A48E1583-94F8-4700-B651-E79BB21ACBC2\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_A48E1583-94F8-4700-B651-E79BB21ACBC2.XML 10341000x800000000000000073601Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.950{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073600Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.928{8057F119-21BD-60EC-4B07-00000000DB01}58806200C:\Windows\Explorer.EXE{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073599Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.912{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073598Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.912{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073597Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.411{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26087D0C0D1586F498E8FBC2C772F7AA,SHA256=B49B09AD6EEFEEF0377C8E896583E66C819C81256D4411590AFA05A4203E07C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032107Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:07.209{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E75B3A7698A69E3BDEC5240047A9BD62,SHA256=E2C716FB3C41C3B4ED1CCED9CB856CC14063909701CDCB75CBE7E420CEE1503B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073596Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.396{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073595Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.380{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073594Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.380{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073593Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.380{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073592Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.365{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073591Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.365{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073590Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.365{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073589Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:07.365{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000073613Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.567{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073612Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.567{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073611Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.529{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073610Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.514{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073609Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.414{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AD13013A5A4644E348C53B2D56E3500,SHA256=51899191D50640446855D45D8BC57CAC219A3D0391A8EBCD1875B5989377E34B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032109Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:06.516{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51567-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032108Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:08.225{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA7010028677BE6AE948D2D5111DEF6A,SHA256=7F4C8F84D94D52EDAC1831CE9EFACE9E2D7A68997608DFAB10DD4940BBCE5106,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073608Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.328{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073607Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.097{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000073606Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.097{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000073605Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.065{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2BB4-60EC-4409-00000000DB01}7908C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032110Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:09.240{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCE161F031B257353DC8204F60AF3BC0,SHA256=100DDD793204B4AC4FD03DFEAE60651100C13D61F7A60982DC26EE1B1F1C954F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073626Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.145{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63321-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000073625Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.145{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63321-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000073624Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.131{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63320-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000073623Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.130{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63320-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 10341000x800000000000000073622Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:09.466{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000073621Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:09.466{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 23542300x800000000000000073620Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:09.429{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA411E0E9A5510DBED6CD562BBFC5DF9,SHA256=282325BCB3FBEB6260EBC8A207423EB82670943B60472F11EDB34CC5A4B43A1C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073619Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:09.382{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f 10341000x800000000000000073618Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:09.382{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 354300x800000000000000073617Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.104{8057F119-08A1-60EC-0D00-00000000DB01}896C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63319-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local135epmap 354300x800000000000000073616Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.104{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63319-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local135epmap 23542300x800000000000000073615Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.998{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0229EEF5A7AB0466EC7F285DA4C6DE01,SHA256=AF9C5AE55E60F448412630DD2AF5887C38064CE31BCD2B00056A1DE8D5DD587F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073614Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:08.998{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2C6DC4EBEFA17B60FC3B45B38BADF059,SHA256=D572E62CCC45E75D49A1186F304EAEADCAC00FCA2BF405EA28E7F5BF51E6473E,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000073631Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:09.559{8057F119-21D0-60EC-6307-00000000DB01}7172www.google.com02a00:1450:4001:808::2004;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073630Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:09.555{8057F119-21D0-60EC-6307-00000000DB01}7172www.google.com0172.217.16.132;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073629Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:09.554{8057F119-21D0-60EC-6307-00000000DB01}7172www.google.com0::ffff:172.217.16.132;C:\Program Files\Mozilla Firefox\firefox.exe 354300x800000000000000073628Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:09.265{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63322-false10.0.1.12-8000- 23542300x800000000000000073627Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:10.429{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8228E934449EC2B7E57C09F7712D8C36,SHA256=2EFD590C0D98A94C80D55793C5B01461B11D2E093F14BFA85CE26DB620BB158C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032111Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:10.256{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A171AAF54BB28E820BAEA5140AAD48C3,SHA256=C84BBD1EB3AEB6D608AECD895640C1813C5963F61AC2D357A129D361B35F80F8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073640Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:10.623{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59043- 354300x800000000000000073639Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:10.623{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64660- 354300x800000000000000073638Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:10.623{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63133- 354300x800000000000000073637Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:10.622{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54620- 354300x800000000000000073636Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:10.622{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57085- 354300x800000000000000073635Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:10.621{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63689- 354300x800000000000000073634Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:09.685{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local55361- 354300x800000000000000073633Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:09.685{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local54617-false172.217.16.132zrh04s06-in-f132.1e100.net443https 23542300x800000000000000073632Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:11.442{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89129FEEF3DE87E8FB2A53834C3EA805,SHA256=EC58DF0F1BF3D1C090ECB883C02C5D70AA5C7B1B1BF1E5766DFA11CB3E5B3C95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032112Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:11.272{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCCF29375A279AC83B54E8D043127D4C,SHA256=1C4FFE924A596E3039783200AE2D180B6DCB68252EFE17B87F4C48DC8B79FEC6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073674Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.890{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073673Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.888{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073672Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.888{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073671Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.819{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073670Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.817{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073669Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.814{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073668Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.813{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073667Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.813{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073666Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.812{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073665Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.812{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073664Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.810{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073663Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.810{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073662Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.809{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073661Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.805{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073660Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.799{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073659Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.795{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073658Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.795{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073657Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.794{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073656Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.792{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073655Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.792{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073654Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.713{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3 10341000x800000000000000073653Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.713{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d 10341000x800000000000000073652Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.713{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f 10341000x800000000000000073651Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.712{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000073650Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.709{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f 10341000x800000000000000073649Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.706{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000073648Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.703{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000073647Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.665{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000073646Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.665{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 23542300x800000000000000073645Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.637{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\formhistory.sqlite-journalMD5=CA5C45A0E2EBB6D308487FE69B0FE74C,SHA256=0B7415EB6483473A36989CA5D9A80BB1535D219188A6B30345DFC95BCB4D5857,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073644Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.636{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05 10341000x800000000000000073643Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.636{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d 354300x800000000000000073642Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:10.626{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62930- 23542300x800000000000000073641Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.454{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87E1DE2A615EA2EE5244E9647E409DB8,SHA256=6EBC0BD379CDB5B767590D1583B732E2CB271C8C359A8A842DC4A8E54897E8C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032113Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:12.272{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E20B63F08E6240FC4A5D54AE515F7A8E,SHA256=4FBACD2FE11C847AC6EF4507DE5882ABA40712D9AC93CB2EF273B201D79CE3A8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073685Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.941{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57773- 354300x800000000000000073684Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.941{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local59198-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x800000000000000073683Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.937{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59197- 354300x800000000000000073682Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.916{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local49498- 354300x800000000000000073681Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.886{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-59114- 354300x800000000000000073680Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.862{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59114- 23542300x800000000000000073679Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.842{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=416AD388A7BB32BA3DD721A202B1035B,SHA256=7BF2CEEDDDAA77F1FD62BBF24FB0ED4098506C24E8CE44EC61A8FE82B30E35AE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073678Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.540{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f 10341000x800000000000000073677Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.539{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 23542300x800000000000000032114Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:13.287{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B983DE47F775297E317CBBCFADD46491,SHA256=FA7742D6C7B5C46FAE3CFC2D6E34AD13FC06B15A65F11C417261D85972F1FCD1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073676Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.320{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073675Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.254{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000073706Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.978{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local65319- 354300x800000000000000073705Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.978{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local49518- 354300x800000000000000073704Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.975{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62988- 10341000x800000000000000073703Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.745{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05 10341000x800000000000000073702Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.745{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d 23542300x800000000000000073701Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.657{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\permissions.sqlite-journalMD5=A9EB072C09BE3E777F2C26C8D3000577,SHA256=03D20BA6DA3AE69393A4E7CA4B1451585FB4C3A58BEDEA94A7AE5A92FB36DDDE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073700Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.655{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000073699Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.655{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 354300x800000000000000073698Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.381{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63323-false142.250.184.227fra24s12-in-f3.1e100.net443https 354300x800000000000000073697Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.379{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local49253-false142.250.184.227fra24s12-in-f3.1e100.net443https 23542300x800000000000000073696Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.548{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79F0EAE054BF5D8E7F898D20BCF38FAC,SHA256=739AF126D00EED5D002A827E24F565139D906A66452FF38E8E40B1FDA91E07AA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032116Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:12.547{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51568-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032115Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:14.290{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A990AFCCD73DC0FD1CA0AA6122816B0,SHA256=BF949B26071BB51442F90111B43BE33911F347377989A6347A3D0EC3BB221716,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073695Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.394{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000073694Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.394{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 354300x800000000000000073693Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.373{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60691- 354300x800000000000000073692Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.371{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local49252- 354300x800000000000000073691Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.370{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63194- 10341000x800000000000000073690Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.299{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000073689Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.299{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 22542200x800000000000000073688Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.813{8057F119-21D0-60EC-6307-00000000DB01}7172gstaticadssl.l.google.com02a00:1450:4001:80f::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073687Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.811{8057F119-21D0-60EC-6307-00000000DB01}7172gstaticadssl.l.google.com0142.250.186.99;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073686Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:12.786{8057F119-21D0-60EC-6307-00000000DB01}7172pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com052.42.129.205;52.33.45.66;34.215.151.143;44.237.104.177;34.215.46.102;52.12.55.135;52.34.83.111;44.239.250.14;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000073756Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.987{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f 10341000x800000000000000073755Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.987{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 23542300x800000000000000073754Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.893{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=594107A82425A63138BA8381E8887F55,SHA256=BBC57DCA2930586E9D1E78B76E22492FC778CC9254402881BC59349A4EFB09E8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073753Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.871{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local58101- 354300x800000000000000073752Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.871{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63324-false151.101.129.69-443https 354300x800000000000000073751Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.870{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54711- 354300x800000000000000073750Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.866{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local49234- 10341000x800000000000000073749Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.786{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f 10341000x800000000000000073748Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.786{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000073747Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.684{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000073746Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.541{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54624- 354300x800000000000000073745Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.541{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local55370- 10341000x800000000000000073744Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.579{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032117Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:15.306{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5B0DEEDF162D7C6E377D12B309C92F7,SHA256=99ED5CE19172BCD798FA1455DDD30E9F09592DD30FB3BA07422E6ACFF5FE29BC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073743Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.212{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073742Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.211{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073741Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.210{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073740Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.209{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073739Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.208{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073738Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.204{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073737Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.194{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073736Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.194{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073735Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.178{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073734Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.171{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073733Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.167{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073732Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.161{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073731Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.161{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073730Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.143{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073729Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.135{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073728Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.134{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000073727Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.085{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local54620-false216.58.212.130ams15s21-in-f130.1e100.net443https 354300x800000000000000073726Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.083{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63237- 354300x800000000000000073725Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.080{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62441- 354300x800000000000000073724Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.031{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60037- 354300x800000000000000073723Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.030{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60917- 354300x800000000000000073722Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.029{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local54622-false142.250.186.34fra24s04-in-f2.1e100.net443https 354300x800000000000000073721Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.029{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62070- 354300x800000000000000073720Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.029{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61650- 354300x800000000000000073719Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.026{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61270- 23542300x800000000000000073718Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.074{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\cache2\indexMD5=40F5CCD174A9CDB58F8B37CD8B15C03A,SHA256=780A017718242817B07671ACA4CAFEF6A88D7D92474873146C47818CA72038E7,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000073717Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.739{8057F119-21D0-60EC-6307-00000000DB01}7172stackoverflow.com0::ffff:151.101.129.69;::ffff:151.101.65.69;::ffff:151.101.193.69;::ffff:151.101.1.69;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073716Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.952{8057F119-21D0-60EC-6307-00000000DB01}7172adservice.google.de0type: 5 pagead46.l.doubleclick.net;::ffff:142.250.74.194;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073715Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.904{8057F119-21D0-60EC-6307-00000000DB01}7172www3.l.google.com02a00:1450:4001:831::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073714Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.900{8057F119-21D0-60EC-6307-00000000DB01}7172www3.l.google.com0172.217.16.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073713Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.900{8057F119-21D0-60EC-6307-00000000DB01}7172ogs.google.com0type: 5 www3.l.google.com;::ffff:172.217.16.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073712Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.850{8057F119-21D0-60EC-6307-00000000DB01}7172plus.l.google.com02a00:1450:4001:827::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073711Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.848{8057F119-21D0-60EC-6307-00000000DB01}7172plus.l.google.com0142.250.185.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073710Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.847{8057F119-21D0-60EC-6307-00000000DB01}7172apis.google.com0type: 5 plus.l.google.com;::ffff:142.250.185.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073709Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.249{8057F119-21D0-60EC-6307-00000000DB01}7172id.google.com02607:f8b0:4006:81a::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073708Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.245{8057F119-21D0-60EC-6307-00000000DB01}7172id.google.com0142.250.184.227;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073707Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:13.243{8057F119-21D0-60EC-6307-00000000DB01}7172id.google.com0::ffff:142.250.184.227;C:\Program Files\Mozilla Firefox\firefox.exe 734700x800000000000000073829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.983{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6E,IMPHASH=9651C547656809410E78B358203C1A1DtrueMicrosoft WindowsValid 734700x800000000000000073828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.969{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\libEGL.dll2.1.14225 git hash: 3778168311caANGLE libEGL Dynamic Link LibraryANGLE libEGL Dynamic Link Library-libEGL.dllMD5=BA4ABACD23368AEDAA4BBE5DEB09907C,SHA256=26EDA74DA83951DCD054C1AFFED2CE522C13FB4CF6800ABADB2D91F835C83134,IMPHASH=733FEA540C63883BB80910CFCF25367EtrueMozilla CorporationValid 734700x800000000000000073827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.965{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\d3d9.dll10.0.14393.447 (rs1_release_inmarket.161102-0100)Direct3D 9 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D9.dllMD5=98326410B37312F3A57E8040250BDC32,SHA256=ADDEE549568ABA1E45C6868D76162F5DE6E58CBD83C43429EA0F9868ECA3DC42,IMPHASH=A3F81B60CD48F233C949F2E60B5C9AD4trueMicrosoft WindowsValid 734700x800000000000000073826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.909{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\libGLESv2.dll2.1.14225 git hash: 3778168311caANGLE libGLESv2 Dynamic Link LibraryANGLE libGLESv2 Dynamic Link Library-libGLESv2.dllMD5=DA77F9E4005E78E0446A30409448D409,SHA256=D725D0A84F64D118C2E3346718D589292856C4E30D880868224D8667EF0AFA56,IMPHASH=EDF31D21C467DF72D61BCFE98451ECE4trueMozilla CorporationValid 23542300x800000000000000073825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.925{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB91991F029CD6D8253E9435448D8C2B,SHA256=1E9CC0FB1A1974AF79D4353CBF650F8733B7692D041F45A30B306B078D29BF39,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000073824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.853{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\D3DCompiler_47.dll10.0.14393.3930 (rs1_release.200901-1914)Direct3D HLSL CompilerMicrosoft® Windows® Operating SystemMicrosoft Corporationd3dcompiler_47.dllMD5=6C441F5AD6724D68B27D9928C6C1170D,SHA256=EEA0AE3BDCEF59AF62F471E90C489044B8DB55BFF6377231E002A70AB1F8CF73,IMPHASH=6FDF9A87126D967D12E1FE5AAD5EEF07trueMicrosoft WindowsValid 23542300x800000000000000073823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.914{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E217AF1B21B876AC71A37E07E90F9DA5,SHA256=92496CF0391F2290C0659594D3534A710F46E8CEB4A1717EB341A91D643111AE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.910{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local54624-false74.125.133.157wo-in-f157.1e100.net443https 354300x800000000000000073821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.878{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63335-false74.125.133.157wo-in-f157.1e100.net443https 354300x800000000000000073820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.851{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local57474-false142.250.186.161fra24s08-in-f1.1e100.net443https 354300x800000000000000073819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.826{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57473- 354300x800000000000000073818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.826{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63334-false142.250.186.161fra24s08-in-f1.1e100.net443https 354300x800000000000000073817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.812{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63429- 734700x800000000000000073816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.726{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msdmo.dll10.0.14393.0 (rs1_release.160715-1616)DMO RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationmsdmo.dllMD5=3246C9C5ECF6555103C7119161ACC8C8,SHA256=3A29292F04B09A91C305062E00756194A83BDEA3ABB1BFB783D908E6D1BEBFBC,IMPHASH=B5AB2AA782AD334C5633AAE30A2CFF41trueMicrosoft WindowsValid 734700x800000000000000073815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.724{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\msacm32.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ACM Audio FilterMicrosoft® Windows® Operating SystemMicrosoft Corporationmsfltr32.acmMD5=CCA98E5C82E2636956A08C28DEAA739B,SHA256=6ECD122306AFF30FD1F8BB325C981A6177FA41CD8F4D7CA809E9B1ED6FF52F77,IMPHASH=02CCE03885FF4C014AF552A1F9D7F605trueMicrosoft WindowsValid 734700x800000000000000073814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.695{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\Speech\Common\sapi.dll5.3.25307.00 (rs1_release.210107-1130)Speech APIMicrosoft® Windows® Operating SystemMicrosoft Corporationsapi.dllMD5=34432230D52A0BC141A809839D59102F,SHA256=A9645FE7B2860258846225636CDFBBB5D554260AD8A7598CFB0E62256566F1DC,IMPHASH=C38AE271B8F2290A059AC00D85D8CEA6trueMicrosoft WindowsValid 354300x800000000000000073813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.567{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54316- 354300x800000000000000073812Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.543{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54626- 354300x800000000000000073811Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.542{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54625- 354300x800000000000000073810Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.542{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local49476- 354300x800000000000000073809Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.326{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local59803-false142.250.185.238fra16s53-in-f14.1e100.net443https 354300x800000000000000073808Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.233{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local59802-false172.217.23.98fra16s45-in-f2.1e100.net443https 354300x800000000000000073807Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.230{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63333-false10.0.1.12-8000- 354300x800000000000000073806Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.222{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63332-false142.250.185.195fra16s52-in-f3.1e100.net80http 23542300x800000000000000032118Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:16.321{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57FFC179AF2680D257ED7B2CEEA8A56B,SHA256=D0D4F93056335470AAA9F630BD65DABBD48E135040E0482B24602740BA6545E6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073805Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.406{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+3c09f0|C:\Program Files\Mozilla Firefox\xul.dll+e16225|C:\Program Files\Mozilla Firefox\xul.dll+e164b6|C:\Program Files\Mozilla Firefox\xul.dll+e13e2e|C:\Program Files\Mozilla Firefox\xul.dll+e14060|C:\Program Files\Mozilla Firefox\xul.dll+28811fa|C:\Program Files\Mozilla Firefox\xul.dll+2880fb8|C:\Program Files\Mozilla Firefox\xul.dll+288463e|C:\Program Files\Mozilla Firefox\xul.dll+287e5a3|C:\Program Files\Mozilla Firefox\xul.dll+23116d|C:\Program Files\Mozilla Firefox\xul.dll+3e4c31|C:\Program Files\Mozilla Firefox\xul.dll+117d0d1|C:\Program Files\Mozilla Firefox\xul.dll+10ee581|C:\Program Files\Mozilla Firefox\xul.dll+3c47bd|C:\Program Files\Mozilla Firefox\xul.dll+11873b7|C:\Program Files\Mozilla Firefox\xul.dll+1112adc|C:\Program Files\Mozilla Firefox\xul.dll+1117990 10341000x800000000000000073804Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.406{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2BB4-60EC-4409-00000000DB01}7908C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+3c09f0|C:\Program Files\Mozilla Firefox\xul.dll+e16225|C:\Program Files\Mozilla Firefox\xul.dll+e164b6|C:\Program Files\Mozilla Firefox\xul.dll+e13e2e|C:\Program Files\Mozilla Firefox\xul.dll+e14060|C:\Program Files\Mozilla Firefox\xul.dll+28811fa|C:\Program Files\Mozilla Firefox\xul.dll+2880fb8|C:\Program Files\Mozilla Firefox\xul.dll+288463e|C:\Program Files\Mozilla Firefox\xul.dll+287e5a3|C:\Program Files\Mozilla Firefox\xul.dll+23116d|C:\Program Files\Mozilla Firefox\xul.dll+3e4c31|C:\Program Files\Mozilla Firefox\xul.dll+117d0d1|C:\Program Files\Mozilla Firefox\xul.dll+10ee581|C:\Program Files\Mozilla Firefox\xul.dll+3c47bd|C:\Program Files\Mozilla Firefox\xul.dll+11873b7|C:\Program Files\Mozilla Firefox\xul.dll+1112adc|C:\Program Files\Mozilla Firefox\xul.dll+1117990 10341000x800000000000000073803Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.406{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+3c09f0|C:\Program Files\Mozilla Firefox\xul.dll+e16225|C:\Program Files\Mozilla Firefox\xul.dll+e164b6|C:\Program Files\Mozilla Firefox\xul.dll+e13e2e|C:\Program Files\Mozilla Firefox\xul.dll+e14060|C:\Program Files\Mozilla Firefox\xul.dll+28811fa|C:\Program Files\Mozilla Firefox\xul.dll+2880fb8|C:\Program Files\Mozilla Firefox\xul.dll+288463e|C:\Program Files\Mozilla Firefox\xul.dll+287e5a3|C:\Program Files\Mozilla Firefox\xul.dll+23116d|C:\Program Files\Mozilla Firefox\xul.dll+3e4c31|C:\Program Files\Mozilla Firefox\xul.dll+117d0d1|C:\Program Files\Mozilla Firefox\xul.dll+10ee581|C:\Program Files\Mozilla Firefox\xul.dll+3c47bd|C:\Program Files\Mozilla Firefox\xul.dll+11873b7|C:\Program Files\Mozilla Firefox\xul.dll+1112adc|C:\Program Files\Mozilla Firefox\xul.dll+1117990 10341000x800000000000000073802Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.406{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+3c09f0|C:\Program Files\Mozilla Firefox\xul.dll+e16225|C:\Program Files\Mozilla Firefox\xul.dll+e164b6|C:\Program Files\Mozilla Firefox\xul.dll+e13e2e|C:\Program Files\Mozilla Firefox\xul.dll+e14060|C:\Program Files\Mozilla Firefox\xul.dll+28811fa|C:\Program Files\Mozilla Firefox\xul.dll+2880fb8|C:\Program Files\Mozilla Firefox\xul.dll+288463e|C:\Program Files\Mozilla Firefox\xul.dll+287e5a3|C:\Program Files\Mozilla Firefox\xul.dll+23116d|C:\Program Files\Mozilla Firefox\xul.dll+3e4c31|C:\Program Files\Mozilla Firefox\xul.dll+117d0d1|C:\Program Files\Mozilla Firefox\xul.dll+10ee581|C:\Program Files\Mozilla Firefox\xul.dll+3c47bd|C:\Program Files\Mozilla Firefox\xul.dll+11873b7|C:\Program Files\Mozilla Firefox\xul.dll+1112adc|C:\Program Files\Mozilla Firefox\xul.dll+1117990 10341000x800000000000000073801Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.406{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+3c09f0|C:\Program Files\Mozilla Firefox\xul.dll+e16225|C:\Program Files\Mozilla Firefox\xul.dll+e164b6|C:\Program Files\Mozilla Firefox\xul.dll+e13e2e|C:\Program Files\Mozilla Firefox\xul.dll+e14060|C:\Program Files\Mozilla Firefox\xul.dll+28811fa|C:\Program Files\Mozilla Firefox\xul.dll+2880fb8|C:\Program Files\Mozilla Firefox\xul.dll+288463e|C:\Program Files\Mozilla Firefox\xul.dll+287e5a3|C:\Program Files\Mozilla Firefox\xul.dll+23116d|C:\Program Files\Mozilla Firefox\xul.dll+3e4c31|C:\Program Files\Mozilla Firefox\xul.dll+117d0d1|C:\Program Files\Mozilla Firefox\xul.dll+10ee581|C:\Program Files\Mozilla Firefox\xul.dll+3c47bd|C:\Program Files\Mozilla Firefox\xul.dll+11873b7|C:\Program Files\Mozilla Firefox\xul.dll+1112adc|C:\Program Files\Mozilla Firefox\xul.dll+1117990 10341000x800000000000000073800Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.406{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21E0-60EC-7207-00000000DB01}6340C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+3c09f0|C:\Program Files\Mozilla Firefox\xul.dll+e16225|C:\Program Files\Mozilla Firefox\xul.dll+e164b6|C:\Program Files\Mozilla Firefox\xul.dll+e13e2e|C:\Program Files\Mozilla Firefox\xul.dll+e14060|C:\Program Files\Mozilla Firefox\xul.dll+28811fa|C:\Program Files\Mozilla Firefox\xul.dll+2880fb8|C:\Program Files\Mozilla Firefox\xul.dll+288463e|C:\Program Files\Mozilla Firefox\xul.dll+287e5a3|C:\Program Files\Mozilla Firefox\xul.dll+23116d|C:\Program Files\Mozilla Firefox\xul.dll+3e4c31|C:\Program Files\Mozilla Firefox\xul.dll+117d0d1|C:\Program Files\Mozilla Firefox\xul.dll+10ee581|C:\Program Files\Mozilla Firefox\xul.dll+3c47bd|C:\Program Files\Mozilla Firefox\xul.dll+11873b7|C:\Program Files\Mozilla Firefox\xul.dll+1112adc|C:\Program Files\Mozilla Firefox\xul.dll+1117990 10341000x800000000000000073799Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.406{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D4-60EC-7007-00000000DB01}6928C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+3c09f0|C:\Program Files\Mozilla Firefox\xul.dll+e16225|C:\Program Files\Mozilla Firefox\xul.dll+e164b6|C:\Program Files\Mozilla Firefox\xul.dll+e13e2e|C:\Program Files\Mozilla Firefox\xul.dll+e14060|C:\Program Files\Mozilla Firefox\xul.dll+28811fa|C:\Program Files\Mozilla Firefox\xul.dll+2880fb8|C:\Program Files\Mozilla Firefox\xul.dll+288463e|C:\Program Files\Mozilla Firefox\xul.dll+287e5a3|C:\Program Files\Mozilla Firefox\xul.dll+23116d|C:\Program Files\Mozilla Firefox\xul.dll+3e4c31|C:\Program Files\Mozilla Firefox\xul.dll+117d0d1|C:\Program Files\Mozilla Firefox\xul.dll+10ee581|C:\Program Files\Mozilla Firefox\xul.dll+3c47bd|C:\Program Files\Mozilla Firefox\xul.dll+11873b7|C:\Program Files\Mozilla Firefox\xul.dll+1112adc|C:\Program Files\Mozilla Firefox\xul.dll+1117990 10341000x800000000000000073798Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.406{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6D07-00000000DB01}7292C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+3c09f0|C:\Program Files\Mozilla Firefox\xul.dll+e16225|C:\Program Files\Mozilla Firefox\xul.dll+e164b6|C:\Program Files\Mozilla Firefox\xul.dll+e13e2e|C:\Program Files\Mozilla Firefox\xul.dll+e14060|C:\Program Files\Mozilla Firefox\xul.dll+28811fa|C:\Program Files\Mozilla Firefox\xul.dll+2880fb8|C:\Program Files\Mozilla Firefox\xul.dll+288463e|C:\Program Files\Mozilla Firefox\xul.dll+287e5a3|C:\Program Files\Mozilla Firefox\xul.dll+23116d|C:\Program Files\Mozilla Firefox\xul.dll+3e4c31|C:\Program Files\Mozilla Firefox\xul.dll+117d0d1|C:\Program Files\Mozilla Firefox\xul.dll+10ee581|C:\Program Files\Mozilla Firefox\xul.dll+3c47bd|C:\Program Files\Mozilla Firefox\xul.dll+11873b7|C:\Program Files\Mozilla Firefox\xul.dll+1112adc|C:\Program Files\Mozilla Firefox\xul.dll+1117990 10341000x800000000000000073797Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.406{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6A07-00000000DB01}6676C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+3c09f0|C:\Program Files\Mozilla Firefox\xul.dll+e16225|C:\Program Files\Mozilla Firefox\xul.dll+e164b6|C:\Program Files\Mozilla Firefox\xul.dll+e13e2e|C:\Program Files\Mozilla Firefox\xul.dll+e14060|C:\Program Files\Mozilla Firefox\xul.dll+28811fa|C:\Program Files\Mozilla Firefox\xul.dll+2880fb8|C:\Program Files\Mozilla Firefox\xul.dll+288463e|C:\Program Files\Mozilla Firefox\xul.dll+287e5a3|C:\Program Files\Mozilla Firefox\xul.dll+23116d|C:\Program Files\Mozilla Firefox\xul.dll+3e4c31|C:\Program Files\Mozilla Firefox\xul.dll+117d0d1|C:\Program Files\Mozilla Firefox\xul.dll+10ee581|C:\Program Files\Mozilla Firefox\xul.dll+3c47bd|C:\Program Files\Mozilla Firefox\xul.dll+11873b7|C:\Program Files\Mozilla Firefox\xul.dll+1112adc|C:\Program Files\Mozilla Firefox\xul.dll+1117990 10341000x800000000000000073796Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.406{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+121488e|C:\Program Files\Mozilla Firefox\xul.dll+12e17ad|C:\Program Files\Mozilla Firefox\xul.dll+12b52aa|C:\Program Files\Mozilla Firefox\xul.dll+12b5164|C:\Program Files\Mozilla Firefox\xul.dll+3c09f0|C:\Program Files\Mozilla Firefox\xul.dll+e16225|C:\Program Files\Mozilla Firefox\xul.dll+e164b6|C:\Program Files\Mozilla Firefox\xul.dll+e13e2e|C:\Program Files\Mozilla Firefox\xul.dll+e14060|C:\Program Files\Mozilla Firefox\xul.dll+28811fa|C:\Program Files\Mozilla Firefox\xul.dll+2880fb8|C:\Program Files\Mozilla Firefox\xul.dll+288463e|C:\Program Files\Mozilla Firefox\xul.dll+287e5a3|C:\Program Files\Mozilla Firefox\xul.dll+23116d|C:\Program Files\Mozilla Firefox\xul.dll+3e4c31|C:\Program Files\Mozilla Firefox\xul.dll+117d0d1|C:\Program Files\Mozilla Firefox\xul.dll+10ee581|C:\Program Files\Mozilla Firefox\xul.dll+3c47bd|C:\Program Files\Mozilla Firefox\xul.dll+11873b7|C:\Program Files\Mozilla Firefox\xul.dll+1112adc|C:\Program Files\Mozilla Firefox\xul.dll+1117990 10341000x800000000000000073795Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.376{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000073794Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.376{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 354300x800000000000000073793Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.219{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59801- 354300x800000000000000073792Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.218{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local65073- 354300x800000000000000073791Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.216{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64163- 354300x800000000000000073790Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.199{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63331-false172.217.23.98fra16s45-in-f2.1e100.net443https 354300x800000000000000073789Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.198{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63330-false142.250.185.238fra16s53-in-f14.1e100.net443https 354300x800000000000000073788Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.181{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local58770- 354300x800000000000000073787Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.181{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local55917- 354300x800000000000000073786Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.180{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64768- 354300x800000000000000073785Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.178{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64817- 354300x800000000000000073784Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.098{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63328-false192.0.73.2-443https 354300x800000000000000073783Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.098{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63329-false151.101.112.193-443https 354300x800000000000000073782Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.086{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local65037- 354300x800000000000000073781Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.085{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64555- 354300x800000000000000073780Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.085{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64622- 354300x800000000000000073779Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.083{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60151- 354300x800000000000000073778Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.081{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63327-false151.101.65.69-443https 354300x800000000000000073777Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.077{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63326-false151.101.65.69-443https 354300x800000000000000073776Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.077{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56739- 354300x800000000000000073775Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.076{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63325-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x800000000000000073774Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.072{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63540- 354300x800000000000000073773Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.071{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64420- 354300x800000000000000073772Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.069{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64711- 22542200x800000000000000073771Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.699{8057F119-21D0-60EC-6307-00000000DB01}7172pagead-googlehosted.l.google.com02a00:1450:4001:813::2001;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073770Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.696{8057F119-21D0-60EC-6307-00000000DB01}7172pagead-googlehosted.l.google.com0142.250.186.161;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073769Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.052{8057F119-21D0-60EC-6307-00000000DB01}7172www-google-analytics.l.google.com02a00:1450:4001:800::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073768Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:15.051{8057F119-21D0-60EC-6307-00000000DB01}7172www-google-analytics.l.google.com0142.250.185.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073767Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.960{8057F119-21D0-60EC-6307-00000000DB01}7172www.gravatar.com02a04:fa87:fffe::c000:4902;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073766Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.958{8057F119-21D0-60EC-6307-00000000DB01}7172ipv4.imgur.map.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073765Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.956{8057F119-21D0-60EC-6307-00000000DB01}7172ipv4.imgur.map.fastly.net0151.101.112.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073764Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.955{8057F119-21D0-60EC-6307-00000000DB01}7172i.stack.imgur.com0type: 5 ipv4.imgur.map.fastly.net;::ffff:151.101.112.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073763Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.955{8057F119-21D0-60EC-6307-00000000DB01}7172www.gravatar.com0192.0.73.2;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073762Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.954{8057F119-21D0-60EC-6307-00000000DB01}7172www.gravatar.com0::ffff:192.0.73.2;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073761Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.950{8057F119-21D0-60EC-6307-00000000DB01}7172cdn.sstatic.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073760Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.947{8057F119-21D0-60EC-6307-00000000DB01}7172cdn.sstatic.net0151.101.1.69;151.101.129.69;151.101.193.69;151.101.65.69;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073759Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.943{8057F119-21D0-60EC-6307-00000000DB01}7172cdn.sstatic.net0::ffff:151.101.65.69;::ffff:151.101.1.69;::ffff:151.101.129.69;::ffff:151.101.193.69;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073758Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.752{8057F119-21D0-60EC-6307-00000000DB01}7172stackoverflow.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073757Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:14.741{8057F119-21D0-60EC-6307-00000000DB01}7172stackoverflow.com0151.101.65.69;151.101.193.69;151.101.1.69;151.101.129.69;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000073861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:17.941{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=623F6905112369B5462097771D044A16,SHA256=3709DC36FFB06EE0B3C1900210625DC847B96E071F746CD58330C5F2180255FF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.633{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local55545-false142.250.185.198fra16s52-in-f6.1e100.net443https 354300x800000000000000073859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.555{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local55544- 354300x800000000000000073858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.555{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59056- 354300x800000000000000073857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.550{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63270- 354300x800000000000000073856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.545{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57792- 354300x800000000000000073855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.511{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63346-false172.217.16.132zrh04s06-in-f132.1e100.net443https 354300x800000000000000073854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.507{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63345-false142.250.185.198fra16s52-in-f6.1e100.net443https 23542300x800000000000000032119Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:17.556{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC030104D02DD4C6D15F278D8694177A,SHA256=883CAA7B460F7C6654C05C52F55FA8ECF72C51DC0544BADD88D6D805B471B348,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:17.630{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\cache2\doomed\4288MD5=54EBF9003423D5708AA56D8EAB88496F,SHA256=3CB0AAB3AD3A70EC916035CADA64C4DAE9B61745F4E248AC0C76EE8945828C45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:17.626{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\cache2\doomed\9349MD5=49F1B2C6574C763E763D7CDF2D748E27,SHA256=2E73B653C002F10501D577C00EB979505FC1CE478059A14CE60FE4AB1C40AB1F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.323{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63344-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x800000000000000073850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.321{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63343-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x800000000000000073849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.318{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local49311-false142.250.185.225fra16s53-in-f1.1e100.net443https 354300x800000000000000073848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.274{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63342-false142.250.185.195fra16s52-in-f3.1e100.net80http 354300x800000000000000073847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.257{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63341-false142.250.185.225fra16s53-in-f1.1e100.net443https 354300x800000000000000073846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.210{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63340-false142.250.185.195fra16s52-in-f3.1e100.net80http 354300x800000000000000073845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.191{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local49310- 354300x800000000000000073844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.186{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63339-false142.250.185.225fra16s53-in-f1.1e100.net443https 354300x800000000000000073843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.184{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63338-false142.250.185.225fra16s53-in-f1.1e100.net443https 354300x800000000000000073842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.159{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57881- 354300x800000000000000073841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.143{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63337-false151.101.1.69-443https 354300x800000000000000073840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.064{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63336-false172.217.23.98fra16s45-in-f2.1e100.net443https 354300x800000000000000073839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.049{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local58490- 23542300x800000000000000073838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:17.124{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\permissions.sqlite-journalMD5=3BFE2783A1786A4B051577ECE960CBAD,SHA256=D9BA1265200A735281FE47B69C41F0ADAFA32597EEDBA41DC1A8D39ADBA06459,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:17.064{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x800000000000000073836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.063{8057F119-21D0-60EC-6307-00000000DB01}7172s0-2mdn-net.l.google.com02a00:1450:4001:80e::2006;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.061{8057F119-21D0-60EC-6307-00000000DB01}7172s0-2mdn-net.l.google.com0142.250.185.198;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.008{8057F119-21D0-60EC-6307-00000000DB01}7172clc.stackoverflow.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.005{8057F119-21D0-60EC-6307-00000000DB01}7172clc.stackoverflow.com0151.101.129.69;151.101.193.69;151.101.65.69;151.101.1.69;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.004{8057F119-21D0-60EC-6307-00000000DB01}7172clc.stackoverflow.com0::ffff:151.101.1.69;::ffff:151.101.129.69;::ffff:151.101.193.69;::ffff:151.101.65.69;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000073831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:17.023{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:16.987{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\System32\CoreMessaging.dll10.0.14393.3930Microsoft CoreMessaging DllMicrosoft® Windows® Operating SystemMicrosoft CorporationCoreMessaging.dllMD5=3D9D2F367587B2E93F2868F52D4ACBDD,SHA256=B4B27A7D4B9B685B6015D090B6A3E0E578AFBDE8D6C06A8F2E606A439D5A4BA4,IMPHASH=92CA7117B99353AC45978E95EEB5A46DtrueMicrosoft WindowsValid 23542300x800000000000000073864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:18.660{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C0B686A19650EB149098C9237ECC599,SHA256=C3B5A8F1F9A27F072361F05151EE9E892287897B87415BBB99775B8FF3FB19CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032120Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:18.681{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF80713388407B809D537764D0FBB59D,SHA256=849AC47ABA4F057ED77A46806BAD1F142C1582884B354EFD1203D02CDD587D6A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:18.328{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:18.299{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032121Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:19.915{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26D33E0DBA752C7A7FA58C800CA300F9,SHA256=9AA70AFE5C9854EE5970FDCDE43BF20D12C67C2E4F79AA59218F80A055C444C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:19.669{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A00AE91FED95F6667905CC04B4AC5CFC,SHA256=36E35BC48FC8AA29EFFBE5C90D1AB9FC0D4068D72368FD66C3030DFD4B6EA5C4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:17.551{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64105- 10341000x800000000000000073866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:19.168{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:19.128{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:20.710{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAD6803B0D26154596C2956252F9235D,SHA256=89F855760AE075C94A3BF6BB796530DCE3306EFDD97AF5085F44C2C46C83E463,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032123Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:17.566{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51569-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 13241300x800000000000000032122Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:03:20.759{50946567-0A81-60EC-1500-00000000DC01}1032C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d77715-0xe863d84c) 354300x800000000000000073875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:19.308{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63348-false104.16.149.64-443https 354300x800000000000000073874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:19.199{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60921- 354300x800000000000000073873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:19.199{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63347-false104.16.149.64-443https 354300x800000000000000073872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:19.199{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63632- 10341000x800000000000000073871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:20.024{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:20.022{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:20.020{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.728{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A1A707BA24AFEBA53FD505C7E1F4B12,SHA256=D26EAAD54878E27217C51823BC66BEFEC25293E7E0703CB679262DA575588593,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032124Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:21.150{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F4146A25E170AAB386256A968F2827B,SHA256=A7C62332322631E50489F51DA17455BB4F028A2AC972FB9D6878FDA6C6B09385,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:20.154{8057F119-08A1-60EC-1000-00000000DB01}100C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-89.attackrange.local123ntpfalse169.254.169.123-123ntp 10341000x800000000000000073897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.623{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.623{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.601{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.601{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.599{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.599{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.598{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.570{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.566{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.563{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.508{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.490{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.476{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.455{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.452{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.446{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.405{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.393{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x800000000000000073879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:19.076{8057F119-21D0-60EC-6307-00000000DB01}7172cdn.cookielaw.org02606:4700::6810:9440;2606:4700::6810:9540;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:19.069{8057F119-21D0-60EC-6307-00000000DB01}7172cdn.cookielaw.org0104.16.148.64;104.16.149.64;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000073877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:19.067{8057F119-21D0-60EC-6307-00000000DB01}7172cdn.cookielaw.org0::ffff:104.16.149.64;::ffff:104.16.148.64;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000073903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:22.993{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=9360CB86475306D7547616FB19E4F45C,SHA256=B04949C2BF17BF17F858071EAD82021B69FE647D4C22AEC218D10340B4CD43D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:22.735{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CCA803D04A985E361025FB9AFD3DABD,SHA256=91AF5763EFDC27AE580F1204C5B5DDC57C6063EF4DC4182E6B90FD514BC4DC15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032125Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:22.386{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68EA33786D053A5E71BF05B31F3294B7,SHA256=766D7FB0B6DA7411DB65EE1B7BFEC977837813D1F0EDEE0BEA72AEA99411A541,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:22.234{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:22.225{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:23.986{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:23.880{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:23.861{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:23.739{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E2F787BC81B5FED26AD83B50FB15AF8,SHA256=81345CF5759E896F72A2BD86EE810AAAFDB1F64025C71E3E76718AFC6251E9C5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032140Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.573{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F8B-60EC-2805-00000000DC01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032139Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.573{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032138Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.573{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032137Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.573{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032136Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.573{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032135Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.573{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032134Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.573{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032133Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.573{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032132Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.573{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032131Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.573{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032130Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.573{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-2F8B-60EC-2805-00000000DC01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032129Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.573{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F8B-60EC-2805-00000000DC01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032128Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.574{50946567-2F8B-60EC-2805-00000000DC01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032127Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.417{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B54017E836E5B8CF33F99C394AEC8541,SHA256=225EE6020690F35C44E72F11AF11F207BFA08A8624EDCB6C538BC593A4070186,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:21.202{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63349-false10.0.1.12-8000- 23542300x800000000000000032126Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.386{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=259139CF8F1873074B69F66D3033D6BE,SHA256=75F74B6AA5F624EB61DB19905F9D58B420FDA474A6DFA343F0938E3391A6BDDA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:24.957{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede 10341000x800000000000000073914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:24.957{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 23542300x800000000000000073913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:24.759{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5E7761F84689EFDE0DEC5E0FFD2E8DA,SHA256=E236C0BF99110E25AD5FD98B2F4BEEAE57EB23C9B013DCCF64A1C9FC4A3C6DB7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032171Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.870{50946567-2F8C-60EC-2A05-00000000DC01}15282472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032170Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.620{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F8C-60EC-2A05-00000000DC01}1528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032169Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.620{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032168Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.620{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032167Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.620{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032166Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.620{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032165Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.620{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032164Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.620{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032163Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.620{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032162Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.620{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032161Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.620{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-2F8C-60EC-2A05-00000000DC01}1528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032160Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.620{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032159Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.620{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F8C-60EC-2A05-00000000DC01}1528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032158Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.621{50946567-2F8C-60EC-2A05-00000000DC01}1528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032157Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.604{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69C508DA685BCE7FC6DA89CC78CAA622,SHA256=491FE0F1F99E5107C44016628CA290E65EF954044346329FBF1963822F55E697,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032156Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.604{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4733856B404B11CAF01F9E7BF36485BC,SHA256=F5A9653E266F9D3516F53B650BE33D58A40255D46D1F85416DECCED3A12E5DEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032155Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.526{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C8B8749C5CB37DEFD993308CAA16C0C,SHA256=A1B295C48926531F9EF1081E1875B7D5A055EA119219C0BE560D3B147DA1CBB4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:24.388{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000073911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:24.387{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000073910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:24.259{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000073909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:24.259{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 10341000x800000000000000032154Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.277{50946567-2F8C-60EC-2905-00000000DC01}32523592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032153Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.073{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F8C-60EC-2905-00000000DC01}3252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032152Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.073{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032151Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.073{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032150Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.073{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032149Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.073{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032148Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.073{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032147Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.073{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032146Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.073{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032145Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.073{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032144Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.073{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032143Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.073{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2F8C-60EC-2905-00000000DC01}3252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032142Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.073{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F8C-60EC-2905-00000000DC01}3252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032141Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:24.074{50946567-2F8C-60EC-2905-00000000DC01}3252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:25.773{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D60E20D7BE4D4937942742D08E96F18C,SHA256=8D38A25122516BF482155D0628A63592D4EDA500D96CA6A6E1590F562370E94B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032200Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F8D-60EC-2C05-00000000DC01}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032199Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-2F8D-60EC-2C05-00000000DC01}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032198Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032197Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032196Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032195Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032194Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032193Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032192Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032191Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032190Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032189Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F8D-60EC-2C05-00000000DC01}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032188Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.763{50946567-2F8D-60EC-2C05-00000000DC01}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032187Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEDEC7DF1643CDFB2C6D0C7770C22ADF,SHA256=203E1AB5FE5CBF7BB01D6485ABA1EA2FDAEAF63B267C83D22BBBEF24A1EC8669,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032186Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.761{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69C508DA685BCE7FC6DA89CC78CAA622,SHA256=491FE0F1F99E5107C44016628CA290E65EF954044346329FBF1963822F55E697,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:25.706{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:25.706{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:25.628{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:25.628{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:25.626{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:25.021{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032185Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.339{50946567-2F8D-60EC-2B05-00000000DC01}3452984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032184Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.120{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F8D-60EC-2B05-00000000DC01}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032183Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.120{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032182Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.120{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032181Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.120{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032180Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.120{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032179Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.120{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032178Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.120{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032177Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.120{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032176Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.120{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032175Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.120{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032174Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.120{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2F8D-60EC-2B05-00000000DC01}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032173Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.120{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F8D-60EC-2B05-00000000DC01}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032172Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:25.121{50946567-2F8D-60EC-2B05-00000000DC01}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:26.780{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49E2F1F082705824BE455C70CFBE97A7,SHA256=32650DFB7E56554589024DEF347CFF3E7CD4854F1019F150080AFE79A44809BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032203Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:26.776{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6C3DB782B126A1B4A090C1541218DCF,SHA256=B962D38A1B3328C0301BA974CCE68029DA3AB36916FC27D203DE648C285F128A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032202Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:26.776{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ED421E54A1D8EAB57ECBC435AB770320,SHA256=8142FB262581B33D986C6CDFFC4E25F78AF58A43F48ECE7847DBC28B65400495,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:25.143{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63350-false10.0.1.12-8089- 354300x800000000000000032201Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:23.581{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51570-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032204Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:27.792{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=682F11DED2AABBB732CE132BAAEED5C1,SHA256=2A61720D0A2F5034BA315474B726F4B976261A1A371CD5380D2DF933E597E849,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:27.843{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:27.802{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88424D1E6BCEBA2161214E2FEBF1FF43,SHA256=2550B7C308368F36FD6B34F65E16F8DD37DBA603D828AF249017C38233469ECA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:28.808{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A33E8FD2F5632F6B116F6AD4D92033F,SHA256=A1B85267FA1B40617091B9C8CEAE2DD8845A14ED7A23CFFE9632E0B2E04CF528,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032230Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.901{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F90-60EC-2E05-00000000DC01}796C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032229Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.901{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032228Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.901{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032227Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.901{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032226Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.901{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032225Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.901{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032224Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.901{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032223Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.901{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032222Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.901{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032221Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.901{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032220Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.901{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2F90-60EC-2E05-00000000DC01}796C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032219Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.901{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F90-60EC-2E05-00000000DC01}796C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032218Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.902{50946567-2F90-60EC-2E05-00000000DC01}796C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032217Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.229{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F90-60EC-2D05-00000000DC01}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032216Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.229{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032215Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.229{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032214Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.229{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032213Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.229{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032212Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.229{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032211Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.229{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032210Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.229{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032209Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.229{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032208Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.229{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032207Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.229{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2F90-60EC-2D05-00000000DC01}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032206Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.229{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F90-60EC-2D05-00000000DC01}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032205Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:28.230{50946567-2F90-60EC-2D05-00000000DC01}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000073929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:26.361{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63351-false10.0.1.12-8000- 10341000x800000000000000073928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:28.132{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:28.011{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000073933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:03:29.919{8057F119-08A1-60EC-1000-00000000DB01}100C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d77715-0xedd9a248) 23542300x800000000000000073932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:29.816{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02BBE2EBD87B392F929B198F2E8B2A15,SHA256=3CE4167686AF5D995D1D86419880F43DF560DE5B5923B180B8A7E0FCB5B20EC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032233Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:29.261{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F75FCC4A4814EC5B76E7F286B779205,SHA256=AA5C662AB8B96EC3E491C9D91ABC134D2B42AA4E2380489A9915509FA9C349C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032232Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:29.182{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AE65008EB476576E818CC3EB455FE30,SHA256=DBBA4D6BA56234B11C43E2C5371D180684BEFA467761575D0D6FBAE58EA76110,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032231Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:29.090{50946567-2F90-60EC-2E05-00000000DC01}7963960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:29.681{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:30.827{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94ED64698D526B65EE6B1B1D340E246E,SHA256=9E4549D0EB3287DDB0368DBBEA2B4B8E2EC0A74E7134B65677292DB7F2826991,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032234Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:30.104{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D195E27371F44416B832CA13E14BA3C4,SHA256=23E9CFADF28F254C0802F32BFC52FCC24C0F9B6A02C246FD21C5D1D384C9EC54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:31.845{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=651727D8FA2F1003BE6A130F492061D3,SHA256=D8D5B734BCEA1156A2A1DF1A19DD80FF26041624C29FD68FFFAB370C3B3CDB1B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032236Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:29.409{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51571-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032235Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:31.323{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CAEE148D4218C2C0C0C6CDE5FEFA109,SHA256=6FC09338088C9AB4FC1F3E94DB1D90D1706FD76649F329573437293EE2633616,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:32.850{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45CD89875D892DB46E463786ACD89954,SHA256=9E7E96F217B863042E244FFC98A0C2E5331FEEC5A4D898DD909BA3D4B42D8DF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032237Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:32.354{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C7AD1129FFB21054A1AF064281545E5,SHA256=923391DD3DEFE031D2B6EAD967E0A9D5E783DDC1644F00788D12AABDE80CA6F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:33.859{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FD683D4B71BF7C1062F2863DAC0D03C,SHA256=8942DA03B3E4608871EF3B83EEA604816B0C39CDE08C02855D532B511F9D8D9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032238Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:33.419{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3C0C3A3E095858F3C89A565A82D5D56,SHA256=5663CE608773637BC4F376C8D91B5EA996728AB5F2BCB1211CA728C9F8F4A6B9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:32.152{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63352-false10.0.1.12-8000- 23542300x800000000000000073937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:33.543{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ush62qqu.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=CD7E9CB79472575842E0F9A53C8C3386,SHA256=A39A23121E973119F2970AA6B8D81F3ACEA45746AF5E79555C168E2935FC1AF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:34.866{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B70D5AE833454094AC7ADD3B8BA7AB53,SHA256=DCA864233649D810729EE2FA5BFC5FB0861B474F3D04C8E6A5C76AFF49DF56BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032239Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:34.435{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B78E9B14862F16241C98B0A8BA44C66,SHA256=6A889DC8F0798C5492C0A7CF749594D294499D0B5F1ED1D535203CFA79865B92,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:35.959{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:35.949{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:35.912{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:35.872{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54532194CAE4CCD8FD64121A1BEDB621,SHA256=B60E19691F3EE82BB318C0113F9C4A845783C83004BD87B68441F8E46594605F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032240Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:35.513{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADC22D0B563380A1BDA5FE9AE891F26E,SHA256=7072F968A238CC84624FF76E0766AB79C7EF7812ED1E8A60DA8AF0934D8D4CB9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:35.789{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:35.303{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:35.087{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:36.890{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85167AC3ECCC6B0B5E7A6BF963970E00,SHA256=D044EE1FE05CB86A926AD757230CA53C8E323FDE4AF1CFF892DF1F946F774ADD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032241Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:36.575{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9933A2E1FA363AFC4B5A8416F0E08096,SHA256=E341843E612F14CCCDA781EF3183F58597EC7427DE433A3C6B8CAE6C82BED84C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:37.900{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8AF97B585D833FEEBE30F86F13BE4E8,SHA256=E9AD5B252CC567A34376DD3E418AFCB9031D11980166A7DDEB791755002FEC43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032243Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:37.591{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D87D9A705C68B9C3C890BD8A04933378,SHA256=277D6DF07AF96FD6D448D8F7DBD1F51139C0A389995FAEBD803676FBB73D2589,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032242Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:34.412{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51572-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000073951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:38.909{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38F8CB9230E6BD77DB417A948C72821D,SHA256=999B1D0D3051E67E9545CC4591A07B793CE67072A6CE2A3152425957BD621B23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032244Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:38.622{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92E57B1A8D56609A2558A779BB9B8E7B,SHA256=1B135BB0E9E1CFA1CE2E3BAB2FE61E67D8A9F09DA0B2046AB633C273407E6147,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:37.191{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63353-false10.0.1.12-8000- 23542300x800000000000000073954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:39.914{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AADCC2DDA52AD0D81AAFFBC7B2972834,SHA256=6BCE3549C9048B63394A209DE0BD97BC4C1AD8947F895AFDAC35A0220A75C935,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032245Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:39.638{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74A4FA4DA105696DB5AE067B5A0EB001,SHA256=81B61D5C98AE8489F738924BFEEF9D414E936AF9C0E1FA7DDA8B02BF34311BB8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:39.699{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:39.669{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:40.922{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C406124CC26E0A2E9CE54ADD1205930,SHA256=2CDA5CC0E6974C1E95230965F1E3E009D8499AB24C7CC6837375A365892352C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032246Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:40.654{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD6CD536E6800F33DB07F9FDD1A87CE2,SHA256=D7E8520CB181535C311F5F7EEBF9DBC9632275AD63BE9359845F3695E544B066,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:40.709{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:40.656{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:40.313{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:40.296{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:41.930{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F54217437147E37329364F40A3225DFA,SHA256=52C335ECF3C92F2548C1E994A1E285044DD978A1E6D8A2645A0FCB4690544758,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032248Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:41.654{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1F26F5470F6C0B9BFB5DCB4B32FC372,SHA256=C264071CF71A51C58CCC4F8D71AB916C8B90379043BAEAB9F2D2EE3ED9C19E0A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:41.538{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000032247Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:39.459{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51573-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000073962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:42.932{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE0A32412E445849189C5F8F8A6FA18B,SHA256=21A7A486D5E675233DD5C34A7BC9522C33E0BA9248499FEFFCDD4B5356911587,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032249Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:42.669{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=454417825725808D95A4D3D9151E6CBD,SHA256=A31041F19EF8E4070E1773204A3F03AF78CCF6918A0E01C9661AC771106E3145,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:43.941{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11EF1FCD9B153A72A1122EA47C531A5C,SHA256=12D8FA11EEFFED641E97737EF1C8C5F462902136F58600129BFD69E2F5C59D75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032250Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:43.669{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E1EFE2224BA99960A2E9C8763A7D642,SHA256=741835F54ECF53ECBCB8B67D272A59B644EF03A9C269737BE3246C1537BC85DE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:42.358{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63354-false10.0.1.12-8000- 23542300x800000000000000073968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:44.954{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E0F2D34F977116A94884601BD2957F8,SHA256=92F7390EEC672199607A79FA3AB450A5BFF9E72D90A19A68848CB6B93E2D1322,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032251Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:44.685{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAAE5F893E4E39F9F5C2E01D572BEF33,SHA256=3869FD827B9E72B62C6EAD2EED3432247AD70A8C63462BBDAFE2D2795CC2E43B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:44.717{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:44.714{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:44.713{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032252Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:45.685{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16ED60456D58FCC5BC60FA5A8E5A55B8,SHA256=45199D4769C58FC095ED30F0682A960F836568DC8763EB52153E14104744E3A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:45.962{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=995F401C56E50FD08DBDE52AF4A56C1A,SHA256=14FC6D6818CADA12186957231FDACE51BF098429715472B9A7C2059AFE81B11E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:45.233{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:45.232{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:45.148{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032253Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:46.700{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E583491126E005AE1C2E1F7782D81CD,SHA256=A359BE3B74A85653D9EECAF24343C4D49A714AE4668C3A0E4AF350A3394352F0,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.900{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000074077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.898{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000074076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.897{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000074075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.558{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000074074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.556{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000074073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.556{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000074072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.554{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000074071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.550{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000074070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.549{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000074069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.544{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000074068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.543{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000074067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.534{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000074066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.532{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000074065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.529{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000074064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.529{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000074063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.528{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000074062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.526{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000074061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.526{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000074060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.526{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000074059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.526{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000074058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.526{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000074057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.526{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000074056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.525{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000074055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.525{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000074054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.525{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000074053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.525{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000074052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.525{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000074051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.523{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000074050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.523{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000074049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.523{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000074048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.523{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000074047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.523{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000074046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.523{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.523{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000074044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.523{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000074043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.523{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000074042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.523{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000074041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.523{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000074040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.523{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000074039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.522{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000074038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.522{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000074037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.522{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000074036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.521{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000074035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.519{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.517{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000074033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.517{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000074032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.516{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.515{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000074030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.515{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.515{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.514{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.514{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.514{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.514{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000074024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.512{8057F119-2FA2-60EC-F709-00000000DB01}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000074023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.294{8057F119-2FA1-60EC-F609-00000000DB01}75406792C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.294{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000074021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.292{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000074020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.036{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000074019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.035{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000074018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.035{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000074017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.034{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000074016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.031{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000074015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.031{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000074014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.030{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000074013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.030{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000074012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.029{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000074011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.018{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000074010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.018{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000074009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.018{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000074008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.018{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000074007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.014{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000074006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.014{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000074005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.014{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000074004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.014{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000074003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.014{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000074002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.013{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000074001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.013{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000074000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.013{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000073999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.013{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000073998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.013{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000073997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.013{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000073996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.012{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000073995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.012{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000073994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.012{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000073993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.011{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000073992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.011{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000073991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.011{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000073990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.010{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000073989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.010{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000073988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.010{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000073987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.009{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000073986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.009{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.009{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000073984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.008{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.006{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000073982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.005{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000073981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.004{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000073980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:46.004{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000073979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:45.998{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:45.998{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:45.998{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:45.998{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:45.998{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:45.998{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:45.994{8057F119-2FA1-60EC-F609-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032254Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:47.716{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9804B2D1BAD111120DE1AD006E1012B,SHA256=849A8D5C5F6CC78A25B686D5E801E02CB24C0E96F17EDD4848390E50A6959DB6,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.341{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000074132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.339{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000074131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.338{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000074130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.301{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D008537141699C8E45CA58B34CB24717,SHA256=16BA62A2BB7798398D6562E653B08C53424051F447C18E8E23910B31AAB56640,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.070{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000074128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.069{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000074127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.068{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000074126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.067{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000074125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.064{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000074124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.064{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000074123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.062{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000074122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.060{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000074121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.048{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000074120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.043{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000074119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.043{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000074118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.042{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000074117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.042{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000074116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.042{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000074115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.040{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000074114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.040{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000074113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.040{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000074112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.040{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.038{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000074110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.037{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000074109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.037{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000074108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.037{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000074107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.036{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000074106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.036{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000074105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.035{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000074104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.035{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000074103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.035{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000074102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.035{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000074101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.035{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000074100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.035{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000074099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.035{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000074098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.035{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000074097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.035{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000074096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.034{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000074095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.034{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000074094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.034{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 10341000x800000000000000074093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.033{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.030{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000074091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.028{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000074090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.027{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000074089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.027{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.027{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.026{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000074086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.025{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.025{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.025{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.024{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000074082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.020{8057F119-2FA3-60EC-F809-00000000DB01}7352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000074081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.023{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=88ACE0C1D670A3B760866C39EA913DEF,SHA256=547E1EBC0AD0B6536D03F51660B1DF8F10AA062D488B2BFB60ED4C5F532606AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.023{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6905C91CD0C2EF803E8C5CDFDBD4C225,SHA256=AA2478281D1B88616DBAE048BFF422465A330A44BB37324846350228D4B152C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:47.021{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0229EEF5A7AB0466EC7F285DA4C6DE01,SHA256=AF9C5AE55E60F448412630DD2AF5887C38064CE31BCD2B00056A1DE8D5DD587F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032256Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:45.474{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51574-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032255Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:48.732{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A23870B655AB94D9F4A830A3DEB1597,SHA256=AAE040FE71CAC9FC9787C335F52BA5F42C276C61F965C7F60B6167F6DAF7E22E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:48.386{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3365DBBAF3DF7837C07AB1FA09ADA37C,SHA256=C54117C047F5963C3F250640E4680C71276607D77337CF8977B31772FDF640BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:48.033{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=88ACE0C1D670A3B760866C39EA913DEF,SHA256=547E1EBC0AD0B6536D03F51660B1DF8F10AA062D488B2BFB60ED4C5F532606AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032257Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:49.747{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2EAF9B88AB2CC04FF1927A109B47552,SHA256=8B77F2BF347D3516BB43020B97F18C781FFDFE1D853698D954C3AB5EB8843BF1,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.586{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000074186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.586{8057F119-2FA5-60EC-F909-00000000DB01}87208360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.586{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000074184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.586{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000074183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.386{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000074182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.386{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000074181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.386{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000074180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.386{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000074179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.386{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000074178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.386{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000074177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.386{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000074176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.386{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000074175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000074174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000074173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000074172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000074171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000074170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000074169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000074168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000074167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000074166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000074164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000074163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000074162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000074161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000074160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000074159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000074158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000074157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000074156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000074155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000074154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000074153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000074152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000074151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000074150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000074149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000074148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000074146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000074145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000074143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.370{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000074137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.371{8057F119-2FA5-60EC-F909-00000000DB01}8720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000074136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.033{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0936120819D998F76A23D023DC6CF559,SHA256=1EBB4BB47BC2422AFC824AFD6CD87810249FCC1048910C1861E44F919BEB35B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032258Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:50.747{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2FE7EF2F554E1AC0DEA57D49163C357,SHA256=78EFAF049CC6BE02E2E5288AB5AB50D5DC9FA9746E4197D256147A9CE96C1988,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:48.385{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63355-false10.0.1.12-8000- 734700x800000000000000074297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.771{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000074296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.771{8057F119-2FA6-60EC-FB09-00000000DB01}37806968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.771{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000074294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.771{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000074293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.601{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB51DBC519F9DEA807C1D735EE9217A4,SHA256=D486DC1787A8B46C8267D4EDA205727BFC017CA16D073961547196D10FF3CB3D,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000074291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000074290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000074289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000074288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000074287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000074286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000074285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000074284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000074283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000074282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000074281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000074280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.554{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000074279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.552{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000074278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.552{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000074277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.552{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000074276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.552{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.552{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000074274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.551{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000074273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.551{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000074272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.551{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000074271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.551{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000074270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.550{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000074269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.550{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000074268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.550{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000074267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.549{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000074266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.549{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000074265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.549{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000074264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.549{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000074263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.549{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000074262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000074261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000074260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000074259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000074258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000074257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000074255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000074254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000074250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000074248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.533{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000074246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.534{8057F119-2FA6-60EC-FB09-00000000DB01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000074245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.385{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A40E630280548FA0A190E416D5A68F1D,SHA256=0D3AFFB99448C95D63D67EBF643DAE59EF885EC1D3DCB3444FB287887802A19B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.385{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.385{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.370{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.354{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.270{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000074239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.270{8057F119-2FA6-60EC-FA09-00000000DB01}10232660C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.270{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000074237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.254{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000074236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.086{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B926B4DF4854E4A2233A7B2D2E6F767C,SHA256=37F6F4F778DD67AEB053C80A85A48BA8B7E807DFB448CA3655DC3BC975800B12,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.054{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000074234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.054{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000074233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.054{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000074232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.054{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000074231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.053{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000074230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.053{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000074229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.052{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000074228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.051{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000074227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000074226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000074225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000074224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000074223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000074222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000074221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000074219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000074218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000074217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000074216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000074215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000074214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000074213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000074212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000074211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000074210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000074209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000074208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000074207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000074206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000074205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000074204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000074203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000074202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000074201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000074200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000074199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000074197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000074196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000074194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.032{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000074188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:50.033{8057F119-2FA6-60EC-FA09-00000000DB01}10232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032259Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:51.763{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56A576CEEA655E6B16ED6F84901201FC,SHA256=C816E99A6B57F3895E0CA4D13F3E2FC93DF8BF2440821F1C4241A2B52012E835,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.854{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63356-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000074301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:49.854{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63356-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 23542300x800000000000000074300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:51.554{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=463585C102A97DAE899197648F87EA09,SHA256=41893868AA9C9FC1FACFEE0ACF2426DD9A8072C766B8F21A8544F2A27B1D3486,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:51.056{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA9B876C628110FD115AC19A0A085DEF,SHA256=0368036A0760616ED330861D9EE995F5FACCB22AD4789154A45F8921835F1E7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032260Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:52.763{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B13F43EE9CD04D43B6DE5D9404B76418,SHA256=ED7DE4E61C30504301FB8ED6DE64972A113E638426D4C2905D7A850AE9B5D4C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:52.071{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1747ABA4F4FB5446BDBDB33E4BACE6A6,SHA256=DC7DEB251CE8E3C3DA207C22A524B30C9D39AD47D859B59487C1098338B9944F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032261Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:53.769{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6852E4916241980F17B56990D0978840,SHA256=016EE6B022A54CE6B83296CE36920D9A0550219E2928B0F2B2BA8187B83617E8,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.455{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000074354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.453{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000074353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.451{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000074352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.203{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000074351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.203{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000074350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.203{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000074349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.203{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000074348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.203{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000074347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.203{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000074346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.203{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000074345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.187{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000074344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.187{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000074343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.187{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000074342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.187{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000074341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.187{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000074340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.187{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000074339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.187{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000074338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.187{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000074337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.187{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000074336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000074335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000074334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000074333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000074332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000074331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000074330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000074329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000074328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000074327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000074326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000074325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000074324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000074323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000074322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000074321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000074320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000074319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000074318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000074316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000074314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000074313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000074311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.171{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000074305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.172{8057F119-2FA9-60EC-FC09-00000000DB01}10168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000074304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.087{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A02E395991278A0FF397A2E73D3AC0D2,SHA256=A930BA89705FB0933775FFFD2DFC37FD081C5B2E4392053E2750FD8DF3366619,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032263Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:54.784{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C003FEE06C2F35970A7414039B87CE3,SHA256=CFF1C996C804476F7CFE9D0D002D34D15A3552B681DA95B40AEE403617BB1A49,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:53.386{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63357-false10.0.1.12-8000- 23542300x800000000000000074357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:54.403{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21B30643F55A0049847D2E80EDCB96C1,SHA256=352BE09B969E73FF487FC705B4D59CBBD80CF57A264D97BA9C47FA286E8D516F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:54.403{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=668A05975E22FBF5D538FCA74BEEF60A,SHA256=4A824E466C6E29CF1E2B0240C8A39CA3C975944C180264E6503FFF7ABD9DA4BF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032262Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:51.365{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51575-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032264Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:55.800{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4808497F2C2534C7F738A8DA12D29CB,SHA256=1DF897FB78F6C5EEEC84D6259E7537012EF953FC893C76DE0944BD0ED2CFEDC2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:55.918{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:55.918{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:55.918{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:55.902{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:55.902{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:55.902{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:55.418{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3011DA30EE33EA1FE30E35CF2483B0A,SHA256=E2848BA0241F5C8E8ED403A71AE225F87A43CB9624A35E7639871027E8DF5A41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032265Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:56.815{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8ACCB513192518DA4B5E07DF165080FF,SHA256=3263520A07B5395DF7653F62C28FA77AC198A294ADCC15BC22D16551CE44335C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:56.433{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19ABE72522A396A139D4C2F01AE2A9A4,SHA256=2D382CA0AF5ED07D1F765C35AE4062107823639F83AE407271374D1BA58F750E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032266Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:57.831{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85B31D45BC4D39406764AE9DCDE50C89,SHA256=C7A547F31FB9F104AD23AD2D6D9F4B9CAAE3A8A143772215FB0CBE8EF149E1AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:57.451{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7EF5F8787E23863487C1E9FD2CB27B1,SHA256=43B69C62FF5776132F2D02E43B1F760442BD413CEF74176A0BCBD2C6E24B37D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032267Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:58.862{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6C89B7BD329703730001600E0CB205C,SHA256=92B77CFD15EDB42CD3CF76A2B41BBF12416EF6B70503EBAFC2AD3BFFF85C0096,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:58.672{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:58.470{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F56B5B1594207691D4E496C0655755C3,SHA256=10429D50FC4F16BCA814128D8FF5A11892CFF021C639EF3B2293DB03468A6CF2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:58.370{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:58.254{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:58.254{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:58.254{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074401Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.815{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\cache2\doomed\17145MD5=0DB30D04022DCD844073B36978687A80,SHA256=DED471E8C89A872CB88466E8D1B08F30742B07AEADBA8F13AC961AC6CE208B30,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074400Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.655{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f 10341000x800000000000000074399Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.655{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000074398Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.585{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f 10341000x800000000000000074397Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.585{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000074396Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.510{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000074395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.510{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 23542300x800000000000000074394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.491{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7015E8DCE63DE2FE3F89207DBBC21504,SHA256=B663DA739CA9B0887ADB52270878C7ABB5F24BA426C282D0357BB62EC6EC2E98,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.480{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000074392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.480{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 10341000x800000000000000074391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.418{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000074390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.417{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 10341000x800000000000000074389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.299{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.279{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.279{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.277{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.277{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.277{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.245{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.232{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.232{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.231{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.229{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.229{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.136{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000074376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.136{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 10341000x800000000000000074375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.069{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05 10341000x800000000000000074374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.069{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d 23542300x800000000000000032269Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:00.034{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83B7E89E82235F9AAF4E7C4FF41ADCF4,SHA256=ADAFDB40F422A1511317A2D95859D8645FC826B428199F34E9E209311DA316BC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074421Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:00.980{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074420Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:00.980{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074419Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:00.957{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074418Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:00.955{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000074417Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:00.027{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59506- 354300x800000000000000074416Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:00.000{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54790- 354300x800000000000000074415Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.999{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61330- 354300x800000000000000074414Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.925{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62283- 354300x800000000000000074413Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.924{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57455- 354300x800000000000000074412Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.923{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60169- 354300x800000000000000074411Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.896{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63709- 354300x800000000000000074410Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.895{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59730- 354300x800000000000000074409Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.873{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local58498- 354300x800000000000000074408Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.873{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local59624-false172.217.16.142zrh04s06-in-f142.1e100.net443https 354300x800000000000000074407Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.871{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59623- 23542300x800000000000000074406Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:00.487{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17FC277BCCD9B7F4C92E496E84CF3E07,SHA256=1E88CB3B6314ABCCD8EE0A67CECAFFD675284A32B36D3D6D32FFFED7A224169F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074405Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.359{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63358-false10.0.1.12-8000- 23542300x800000000000000074404Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:00.255{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\permissions.sqlite-journalMD5=76D364C3467EEC82B34A7EACD9E81A51,SHA256=9E3E6E9E1395591B91697F6F78B8DD0E801986FB2B00F52B758715C81A61B948,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000074403Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.744{8057F119-21D0-60EC-6307-00000000DB01}7172www3.l.google.com0142.250.185.206;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074402Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:03:59.743{8057F119-21D0-60EC-6307-00000000DB01}7172ogs.google.com0type: 5 www3.l.google.com;::ffff:142.250.185.206;C:\Program Files\Mozilla Firefox\firefox.exe 354300x800000000000000032268Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:03:56.558{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51576-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032270Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:01.097{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E201A1BFA55BF2085E5CB061690C531,SHA256=DAC71720F02E6520898375A971B6930F0A9002CB7AD9345093256B4662D2D742,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074427Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:01.934{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a 10341000x800000000000000074426Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:01.934{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002 354300x800000000000000074425Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:00.164{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local55718- 354300x800000000000000074424Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:00.162{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local55761- 354300x800000000000000074423Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:00.112{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local55325- 23542300x800000000000000074422Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:01.497{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02E950E8996A7583D96473D19166FCEC,SHA256=5F40700C3FEDAC315037BCC09B8E4B94679AFA47B51B5EEC11E31E95EC1B64CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032271Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:02.275{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2D213A5102AD92C2AF11985AC624664,SHA256=23A26AAD630DBF658B1C0F25D6CC77842137516EA1CCF5B19A55DA3C1573B060,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074431Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:00.827{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61758- 23542300x800000000000000074430Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:02.528{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF87C9EEDEF61E780F7C64FA9245F50F,SHA256=EF01A29A9EA7C05570DA7C2356E57B1AB1336DD8CB491B6BAD10F17ABFBC9126,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074429Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:02.030{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05|C:\Program Files\Mozilla Firefox\xul.dll+2d86a87|C:\Program Files\Mozilla Firefox\xul.dll+2d8654a|C:\Program Files\Mozilla Firefox\xul.dll+2d8720f 10341000x800000000000000074428Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:02.030{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 23542300x800000000000000032273Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:03.512{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD5C6F7B26A629CC8986CD3CBEE18043,SHA256=EC8BEA5B9E9B89D225397BC13475A3DF7B7F64BDBD084F0EE6FA60FFE5FDEB5D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074443Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.993{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074442Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.993{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074441Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.993{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074440Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.993{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000074439Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-ConnectPipe2021-07-12 12:04:03.993{8057F119-21D0-60EC-6307-00000000DB01}7172\chrome.8096.5.151246434C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000074438Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.992{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x800000000000000074437Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-CreatePipe2021-07-12 12:04:03.992{8057F119-21D2-60EC-6907-00000000DB01}8096\chrome.8096.5.151246434C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000074436Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.838{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d87090|C:\Program Files\Mozilla Firefox\xul.dll+2d86f05 10341000x800000000000000074435Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.838{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d 10341000x800000000000000074434Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.620{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+169a00f|C:\Program Files\Mozilla Firefox\xul.dll+6828c0|C:\Program Files\Mozilla Firefox\xul.dll+17948c2|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571|C:\Program Files\Mozilla Firefox\xul.dll+2bbf9e4|C:\Program Files\Mozilla Firefox\xul.dll+6177f1|C:\Program Files\Mozilla Firefox\xul.dll+2d81e48|C:\Program Files\Mozilla Firefox\xul.dll+2d8d317|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f 10341000x800000000000000074433Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.620{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3e7611|C:\Program Files\Mozilla Firefox\xul.dll+11fd9e1|C:\Program Files\Mozilla Firefox\xul.dll+122efe9|C:\Program Files\Mozilla Firefox\xul.dll+122ef09|C:\Program Files\Mozilla Firefox\xul.dll+122c730|C:\Program Files\Mozilla Firefox\xul.dll+122cc44|C:\Program Files\Mozilla Firefox\xul.dll+16b3e21|C:\Program Files\Mozilla Firefox\xul.dll+6817b9|C:\Program Files\Mozilla Firefox\xul.dll+6816c4|C:\Program Files\Mozilla Firefox\xul.dll+6814ad|C:\Program Files\Mozilla Firefox\xul.dll+6810b4|C:\Program Files\Mozilla Firefox\xul.dll+17948a3|C:\Program Files\Mozilla Firefox\xul.dll+17947f4|C:\Program Files\Mozilla Firefox\xul.dll+67fb0d|C:\Program Files\Mozilla Firefox\xul.dll+17910e7|C:\Program Files\Mozilla Firefox\xul.dll+179b388|C:\Program Files\Mozilla Firefox\xul.dll+178f3e6|C:\Program Files\Mozilla Firefox\xul.dll+178f8c3|C:\Program Files\Mozilla Firefox\xul.dll+2ffdc1d|C:\Program Files\Mozilla Firefox\xul.dll+64392d|C:\Program Files\Mozilla Firefox\xul.dll+63a002|C:\Program Files\Mozilla Firefox\xul.dll+2bc0571 23542300x800000000000000074432Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.533{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1F16E039E57BF290FD21A66F104A78F,SHA256=DDDA9F89E0C202BC165B83E35489915161E31AF880B7E5126F57677768006EA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032272Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:03.096{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074491Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.025{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63359-false92.122.105.169a92-122-105-169.deploy.static.akamaitechnologies.com443https 354300x800000000000000074490Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.024{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local58928- 354300x800000000000000074489Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.851{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61020- 354300x800000000000000074488Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.849{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64548- 10341000x800000000000000074487Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.760{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074486Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.750{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074485Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.748{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074484Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.740{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074483Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.739{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x800000000000000074482Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.087{8057F119-21D0-60EC-6307-00000000DB01}7172e10374.dscg.akamaiedge.net02a02:26f0:1700:483::2886;2a02:26f0:1700:492::2886;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074481Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.082{8057F119-21D0-60EC-6307-00000000DB01}7172e10374.dscg.akamaiedge.net023.203.79.223;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074480Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.057{8057F119-21D0-60EC-6307-00000000DB01}7172js.monitor.azure.com0type: 5 aijscdn2.azureedge.net;type: 5 aijscdn2.afd.azureedge.net;type: 5 firstparty-azurefd-prod.trafficmanager.net;type: 5 dual.part-0033.t-0009.t-msedge.net;type: 5 part-0033.t-0009.fb-t-msedge.net;13.107.253.61;13.107.226.61;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074479Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.057{8057F119-21D0-60EC-6307-00000000DB01}7172js.monitor.azure.com0type: 5 aijscdn2.azureedge.net;type: 5 aijscdn2.afd.azureedge.net;type: 5 firstparty-azurefd-prod.trafficmanager.net;type: 5 dual.part-0033.t-0009.t-msedge.net;type: 5 part-0033.t-0009.fb-t-msedge.net;::ffff:13.107.253.61;::ffff:13.107.226.61;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074478Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.044{8057F119-21D0-60EC-6307-00000000DB01}7172a1778.g2.akamai.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074477Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.042{8057F119-21D0-60EC-6307-00000000DB01}7172e13678.dscb.akamaiedge.net02a02:26f0:1700:487::356e;2a02:26f0:1700:493::356e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074476Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.042{8057F119-21D0-60EC-6307-00000000DB01}7172a1778.g2.akamai.net02.18.213.27;2.18.213.74;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074475Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.041{8057F119-21D0-60EC-6307-00000000DB01}7172statics-marketingsites-wcus-ms-com.akamaized.net0type: 5 a1778.g2.akamai.net;::ffff:2.18.213.74;::ffff:2.18.213.27;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074474Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.040{8057F119-21D0-60EC-6307-00000000DB01}7172a1449.dscg2.akamai.net02a02:26f0:1700:3::5f65:1b8d;2a02:26f0:1700:3::5f65:1ba2;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074473Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.039{8057F119-21D0-60EC-6307-00000000DB01}7172e13678.dscb.akamaiedge.net023.3.109.244;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074472Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.038{8057F119-21D0-60EC-6307-00000000DB01}7172part-0033.t-0009.fb-t-msedge.net02620:1ec:48::61;2620:1ec:29::61;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074471Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.037{8057F119-21D0-60EC-6307-00000000DB01}7172a1449.dscg2.akamai.net02.18.213.74;2.18.213.56;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074470Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.036{8057F119-21D0-60EC-6307-00000000DB01}7172img-prod-cms-rt-microsoft-com.akamaized.net0type: 5 a1449.dscg2.akamai.net;::ffff:2.18.213.56;::ffff:2.18.213.74;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074469Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.036{8057F119-21D0-60EC-6307-00000000DB01}7172www-googletagmanager.l.google.com02a00:1450:4001:82b::2008;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074468Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.035{8057F119-21D0-60EC-6307-00000000DB01}7172part-0033.t-0009.fb-t-msedge.net013.107.226.61;13.107.253.61;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074467Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.032{8057F119-21D0-60EC-6307-00000000DB01}7172www-googletagmanager.l.google.com0172.217.23.104;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074466Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.897{8057F119-21D0-60EC-6307-00000000DB01}7172e12062.dscb.akamaiedge.net02a02:26f0:1700:49a::2f1e;2a02:26f0:1700:48b::2f1e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074465Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.894{8057F119-21D0-60EC-6307-00000000DB01}7172e12062.dscb.akamaiedge.net092.122.105.169;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074464Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.721{8057F119-21D0-60EC-6307-00000000DB01}7172www.google.com0142.250.185.196;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074463Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:03.720{8057F119-21D0-60EC-6307-00000000DB01}7172www.google.com0::ffff:142.250.185.196;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000074462Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.680{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074461Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.666{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074460Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.665{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074459Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.654{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074458Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.653{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074457Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.556{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C069591EBE26329D4D7E9DB7C1E2DE09,SHA256=005231544A44A4CBFBADAC22281ECD9FBDC4980105CA0C82C9E90AB61FFD7C2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032274Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:04.527{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C990E973123ACC4EDF76F80F722189F,SHA256=586078BF8DFE800DA30E0BA9B7ED6FE7EB2583FF77197B0281FD98D631F51672,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074456Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.524{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074455Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.521{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074454Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.517{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074453Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.516{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074452Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.503{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074451Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.501{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074450Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.499{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074449Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.498{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074448Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.403{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\cache2\doomed\21381MD5=53B9B96564895EA2E73A3D3D76027242,SHA256=2EF0487B359F50CF60CB59901229F5D5A768A74B7D95B817E497E907BCF4A3DF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074447Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.340{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074446Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.338{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074445Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.178{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\cache2\doomed\14053MD5=7E5FCEB539F396AE878D8C29B32960BF,SHA256=BCDAA62B0F877C3995B39525532D6796455416D94227DCBA0E95C92E2422CAAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074444Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.038{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\cache2\doomed\10838MD5=B4D89C4ECB2A59DCB023ED84CD966BF0,SHA256=E01D275519377751D3E2CE3280186313D3677BD9B42713E22196A80BECC6D95F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032277Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:05.762{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0523280409E80B21E12A04B4BD584DC8,SHA256=486A70BD43D497CDFA08B86B7AD8625FB68313182E8FB9E0F85DF7AD30355277,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074568Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.983{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63372-false162.247.243.146-443https 354300x800000000000000074567Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.979{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60530- 354300x800000000000000074566Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.882{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63371-false151.101.13.27-443https 354300x800000000000000074565Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.881{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61652- 354300x800000000000000074564Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.841{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61704- 354300x800000000000000074563Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.840{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64836- 354300x800000000000000074562Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.840{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59275- 354300x800000000000000074561Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.840{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61163- 354300x800000000000000074560Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.839{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62583- 354300x800000000000000074559Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.839{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63528- 354300x800000000000000074558Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.543{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63370-false104.117.196.154a104-117-196-154.deploy.static.akamaitechnologies.com443https 354300x800000000000000074557Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.542{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60884- 354300x800000000000000074556Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.542{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57867- 10341000x800000000000000074555Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.834{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074554Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.826{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074553Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.764{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074552Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.759{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x800000000000000074551Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.961{8057F119-21D0-60EC-6307-00000000DB01}7172w.usabilla.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074550Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.958{8057F119-21D0-60EC-6307-00000000DB01}7172w.usabilla.com034.255.12.101;52.31.179.168;54.154.86.12;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074549Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.957{8057F119-21D0-60EC-6307-00000000DB01}7172w.usabilla.com0::ffff:54.154.86.12;::ffff:34.255.12.101;::ffff:52.31.179.168;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074548Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.854{8057F119-21D0-60EC-6307-00000000DB01}7172tls12.newrelic.com.cdn.cloudflare.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074547Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.853{8057F119-21D0-60EC-6307-00000000DB01}7172tls12.newrelic.com.cdn.cloudflare.net0162.247.243.147;162.247.243.146;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074546Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.852{8057F119-21D0-60EC-6307-00000000DB01}7172bam-cell.nr-data.net0type: 5 tls12.newrelic.com.cdn.cloudflare.net;::ffff:162.247.243.146;::ffff:162.247.243.147;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074545Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.752{8057F119-21D0-60EC-6307-00000000DB01}7172newrelic.map.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074544Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.751{8057F119-21D0-60EC-6307-00000000DB01}7172newrelic.map.fastly.net0151.101.13.27;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074543Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.750{8057F119-21D0-60EC-6307-00000000DB01}7172js-agent.newrelic.com0type: 5 newrelic.map.fastly.net;::ffff:151.101.13.27;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074542Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.416{8057F119-21D0-60EC-6307-00000000DB01}7172e13630.dscb.akamaiedge.net02a02:26f0:1700:48a::353e;2a02:26f0:1700:497::353e;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000074541Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.703{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074540Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.702{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074539Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.701{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074538Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.682{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074537Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.678{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074536Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.671{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074535Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.636{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000074534Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.538{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60413- 354300x800000000000000074533Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.369{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63369-false10.0.1.12-8000- 354300x800000000000000074532Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.330{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63367-false23.3.109.244a23-3-109-244.deploy.static.akamaitechnologies.com80http 354300x800000000000000074531Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.330{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63368-false23.203.79.223a23-203-79-223.deploy.static.akamaitechnologies.com80http 13241300x800000000000000074530Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:04:05.375{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000074529Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:04:05.375{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0098be7a) 13241300x800000000000000074528Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:04:05.375{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7770d-0xa0f4a846) 13241300x800000000000000074527Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:04:05.375{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d77716-0x02b91046) 13241300x800000000000000074526Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:04:05.375{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7771e-0x647d7846) 13241300x800000000000000074525Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:04:05.375{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000074524Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:04:05.375{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0098be7a) 13241300x800000000000000074523Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:04:05.375{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7770d-0xa0f4a846) 13241300x800000000000000074522Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:04:05.375{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d77716-0x02b91046) 13241300x800000000000000074521Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:04:05.375{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7771e-0x647d7846) 10341000x800000000000000074520Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.318{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074519Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.282{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074518Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.282{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074517Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.216{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\permissions.sqlite-journalMD5=ADE3F69984EC4259DB7C4761F325BF4E,SHA256=744DC10315A48782606DA5CE1A2BEA3C6CB498C3B0C5F8354DCA679CC11D4784,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074516Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.196{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000074515Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.237{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobudptruefalse10.0.1.14win-dc-89.attackrange.local54624-false172.217.23.104mil04s23-in-f104.1e100.net443https 354300x800000000000000074514Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.216{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63366-false13.107.253.61-443https 354300x800000000000000074513Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.195{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-56854- 354300x800000000000000074512Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.184{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-59681- 354300x800000000000000074511Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.184{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63361-false13.107.253.61-443https 354300x800000000000000074510Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.176{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63365-false2.18.213.74a2-18-213-74.deploy.static.akamaitechnologies.com443https 354300x800000000000000074509Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.171{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60975- 354300x800000000000000074508Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.171{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63363-false23.3.109.244a23-3-109-244.deploy.static.akamaitechnologies.com443https 354300x800000000000000074507Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.170{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63364-false23.3.109.244a23-3-109-244.deploy.static.akamaitechnologies.com443https 354300x800000000000000074506Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.170{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63362-false2.18.213.56a2-18-213-56.deploy.static.akamaitechnologies.com443https 354300x800000000000000074505Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.169{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64860- 354300x800000000000000074504Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.169{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56854- 354300x800000000000000074503Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.168{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64117- 354300x800000000000000074502Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.167{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57315- 354300x800000000000000074501Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.167{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59102- 354300x800000000000000074500Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.167{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local65097- 354300x800000000000000074499Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.166{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63436- 354300x800000000000000074498Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.163{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63360-false172.217.23.104mil04s23-in-f104.1e100.net443https 354300x800000000000000074497Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.163{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local55131- 354300x800000000000000074496Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.162{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64566- 354300x800000000000000074495Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.162{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56633- 354300x800000000000000074494Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.160{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59681- 354300x800000000000000074493Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:04.159{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57868- 10341000x800000000000000074492Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.133{8057F119-089F-60EC-0B00-00000000DB01}6324048C:\Windows\system32\lsass.exe{8057F119-089C-60EC-0100-00000000DB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x800000000000000032276Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:02.432{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51578-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000032275Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:02.401{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51577-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032278Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:06.902{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7573289430EE676BE3669F0C0B7F1B4A,SHA256=B1D3E1428779AFBDD199F6F14B7F03D17DB201022716F0CD259B749B014C7F56,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074597Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.675{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63381-false52.114.132.22-443https 354300x800000000000000074596Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.361{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63380-false99.86.3.70server-99-86-3-70.fra6.r.cloudfront.net443https 354300x800000000000000074595Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.360{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local58117- 354300x800000000000000074594Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.348{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64761- 354300x800000000000000074593Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.268{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63379-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 354300x800000000000000074592Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.268{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63379-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 354300x800000000000000074591Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.175{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-89.attackrange.local63378-false10.0.1.14win-dc-89.attackrange.local389ldap 354300x800000000000000074590Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.175{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63378-false10.0.1.14win-dc-89.attackrange.local389ldap 22542200x800000000000000074589Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.467{8057F119-21D0-60EC-6307-00000000DB01}7172skypedataprdcoleus02.cloudapp.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074588Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.457{8057F119-21D0-60EC-6307-00000000DB01}7172skypedataprdcoleus02.cloudapp.net052.114.132.22;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074587Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.240{8057F119-21D0-60EC-6307-00000000DB01}7172d6tizftlrpuof.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074586Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.230{8057F119-21D0-60EC-6307-00000000DB01}7172d6tizftlrpuof.cloudfront.net099.86.3.37;99.86.3.49;99.86.3.167;99.86.3.70;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000074585Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.229{8057F119-21D0-60EC-6307-00000000DB01}7172d6tizftlrpuof.cloudfront.net0::ffff:99.86.3.70;::ffff:99.86.3.37;::ffff:99.86.3.49;::ffff:99.86.3.167;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000074584Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:06.398{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074583Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:06.174{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000074582Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.166{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63377-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000074581Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.166{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63377-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000074580Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.165{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63376-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local49666- 354300x800000000000000074579Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.165{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63376-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local49666- 354300x800000000000000074578Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.163{8057F119-08A1-60EC-0D00-00000000DB01}896C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63375-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local135epmap 354300x800000000000000074577Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.163{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63375-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local135epmap 354300x800000000000000074576Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.158{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63374-false143.204.214.169server-143-204-214-169.fra53.r.cloudfront.net80http 354300x800000000000000074575Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.157{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61712- 354300x800000000000000074574Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.154{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57110- 354300x800000000000000074573Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.114{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63373-false54.154.86.12ec2-54-154-86-12.eu-west-1.compute.amazonaws.com443https 354300x800000000000000074572Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.089{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local59300- 23542300x800000000000000074571Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:06.086{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AEC10D528E773F27EFF2C4E6285800D7,SHA256=4E3DE63A5264B41A06A49AD332507F0B432DF505DB72CD5E7C6A5C475AB8FC66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074570Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:06.086{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84A2C13D9844CE4219124B13691930EB,SHA256=6F42553F8DE198A71C7FAEC9A1E2556E8A6859AF47E718285D6A6C863F18986E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074569Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:06.085{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B4A31F164A215DF0F5ECEB4E0CE529EF,SHA256=F8FD24506A07D71717B6F12E00D1D2DC250D43612AC2794A64EF3928FB387C78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032279Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:07.949{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7756D98B1302A13187DF69A210450C5A,SHA256=0743A3982D9DC26819E54135957A1645726649BBED58832BF96A6D7FF014BCFE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074602Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.844{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local62937- 354300x800000000000000074601Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:05.844{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60068- 23542300x800000000000000074600Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:07.740{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=164E9423ADEA696051BB154C277C365B,SHA256=36B6FCBA5788073A7E4490E54B36F4BD8E708BFF8D42F41BB148706BD2C72963,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074599Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:07.336{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AEC10D528E773F27EFF2C4E6285800D7,SHA256=4E3DE63A5264B41A06A49AD332507F0B432DF505DB72CD5E7C6A5C475AB8FC66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074598Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:07.108{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62F275FE319D4C9164B6C5B75E4EA3DB,SHA256=96A4BABA59D4A7CCEBA05414F96F66B1E22968487481FE768B271AC4B08B1F08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032280Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:08.965{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EC3D156C3B9D544057CAAAF3D7BEE66,SHA256=1EEB068DA9F1CEA97AC38114B01EC5FEC7CDF81FC1FB74D746EC5E605E0D8F2B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074604Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:06.845{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local57466- 23542300x800000000000000074603Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:08.749{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29F866DDB207BB231E89E3E44FA3B387,SHA256=8DDEF606EAAC8753EADE7BB0F561B4E72D1BAE0EF8CD8CCE17D8C44201884B6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032282Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:09.980{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33426C3E2664E7FAC8067277D6FBE82E,SHA256=02C45808914691862739A5B6CC1249FCD2877085F5C0BC2402168CCB399D5C2B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074608Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:09.950{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074607Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:09.931{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074606Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:09.755{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19B8411C32AA57A95913072CB7912ED4,SHA256=D6B5ECA7BE893D3F58A7D8BA70D346561505382EFD2BE6814D9BFB3E99BBD374,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032281Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:07.535{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51579-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000074605Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:09.042{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\cache2\doomed\12942MD5=8FEF8AA00E034CECB772901F336E9CE1,SHA256=211F46908E5E1C3B4801DEE955F6FF84A9527EFD66CD2FF7DD48FA5DB6097352,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074609Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:10.776{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DCD772FB90114C7F0BE3B14AB287B9C,SHA256=9F75A7207B8AD05F2CD68F8B3023C10D02C6C175BAE2BD46EAAE5650A5664B5A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074613Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:10.632{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.255-138netbios-dgmfalse10.0.1.14win-dc-89.attackrange.local138netbios-dgm 354300x800000000000000074612Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:10.632{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-89.attackrange.local138netbios-dgmfalse10.0.1.255-138netbios-dgm 354300x800000000000000074611Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:10.369{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63382-false10.0.1.12-8000- 23542300x800000000000000074610Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:11.784{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F85A9905D35C76E75226C72B735E2044,SHA256=80EF53094B14DA9F5B1823DD005C1A5E14B94FE77E8A1394A0453E3BE4EE0141,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032283Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:10.996{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2DF4B6BA771A163B9D354D5B42ED02A,SHA256=2CF309B4E3AB03D8D2B94E1C69357AED30E905AF67DF183B0718980A7467D5DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074615Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:12.800{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE338440154F34F95D2D57933729A8F5,SHA256=0E4ECCCD356D5C1CC846F69AB64584A9C3B1FC4026F89958FC6452DAB4F4134D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032284Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:12.011{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F2082B26E9374D6A70758752544B4BC,SHA256=1F811A49600437F42A07BBED5111BC3F26111E04F8926F2EAE5BC49B5ACEBD81,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074614Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:12.663{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074616Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:13.806{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C5A7CCD2BF3CA7F902F15BB2395FC54,SHA256=E81E438C5A49A70A0B002193B25DD3C2F8EBB4FFA02A7A4F40ED389718516D6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032285Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:13.246{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58B1881BC82F946889BA43E1559D9844,SHA256=A2DCF14F7CEA8FC38C3996AD9B59BA04DB6B1D7F3712A02D4368EB4182B9EF7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074617Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:14.815{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29BCA44630129037E8CB5D8F2415C8F2,SHA256=C986737DE29342A71C87DF793401EBADACBA227936191BD4982A06062B6F2C12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032286Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:14.382{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A5A0F212B31A237EA79D386FA89F34C,SHA256=60EAA8DBA09D54C2D196BC5D9A5A158F606998E418F2C461C8D4A06F62B960DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074618Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:15.817{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB26C92EA00BA38DA185F8041959E19A,SHA256=50C0EA3335A605BCE104BA08746F61E648CDB02C73F012614B6D794003397D9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032287Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:15.413{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F483EF94704C929393B14C123F445520,SHA256=3DD121617604E7F097F090512D7A6F9047A74844FF36502445614E7184C38A55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074628Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:16.860{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5599F32336098CC27522D9B52DF0DBD5,SHA256=FE63DBA9CB5D63144F5A9FCBF9A383065B3545765982BE4C6E54BAF699A46E8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074627Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:16.859{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D8EEE4D8EEC4B06159E639F2287AF353,SHA256=51E650DA378384917F6E3687F2441E06FAAD320B7F9FAE6D8D2F65D438F63629,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074626Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:16.824{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F558378CF0893849B9147FAFDF3F9D4,SHA256=DCAC102A369ED9F353F8363A31A5D47FFB5BD142E8E9C7158D23E368EC2159A9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032289Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:13.453{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51580-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032288Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:16.647{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE1553AEC785EE6E119DDB3AED7E96D4,SHA256=EC3690CCBC4D8562D444F1E22E61F6C2E2855B9B70B94F054B3CB978C89E81A3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074625Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:16.477{8057F119-21BD-60EC-4B07-00000000DB01}58809932C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B409-00000000DB01}8628C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074624Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:16.477{8057F119-21BD-60EC-4B07-00000000DB01}58809932C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B409-00000000DB01}8628C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074623Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:16.477{8057F119-21BD-60EC-4B07-00000000DB01}58809932C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B409-00000000DB01}8628C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074622Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:16.469{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B509-00000000DB01}9916C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074621Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:16.469{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B509-00000000DB01}9916C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074620Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:16.469{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B509-00000000DB01}9916C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074619Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:16.469{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-2DED-60EC-B509-00000000DB01}9916C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032290Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:17.788{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F59B9829D5E1583CA90BF8843F5CC80,SHA256=AFBB280FEA847A4657DEA5E4AAB4532D7DF5D585F12052BAA6B38BB369C80CC7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074630Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:16.172{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63383-false10.0.1.12-8000- 23542300x800000000000000074629Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:17.831{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0415E76CFB1E098B5DAD431DF05BEFCD,SHA256=71093DFF0EB49575F35EFBDCD36A377584B0538D9079EC1A3D3DF93535E8184E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074631Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:18.836{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=884671E10B65A9AA1AED69C3FFD631BD,SHA256=469E7B68DDC450D60BBA609756B577F1F2E01ECC5D7CA3A71A593502DF00AEC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074632Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:19.838{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=119E8B34A83C89208DBBA048BB14AB47,SHA256=FE6F0A2140028045E9905D32521DB7C98ED8E45181534F6287B34234F02CAF3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032291Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:19.007{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=300CA9AB0183C2AE9EB71444054DB673,SHA256=7F2FF0F136E6C7B548E40AE480F9248D1F88E27DF02DA8D1CC2B73E8DCC7F948,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074633Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:20.843{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86F5F34B2A641C2851846B32CC6E6136,SHA256=00F762CEF8F8AEE76F31D7D7C7003D597D2058F382F16F096BD629F6B3F98186,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032293Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:18.468{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51581-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032292Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:20.132{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B04A1740425562EDCE96DC461844B1B,SHA256=91073FD948417B0A89A2DA6E31FEC7B323E267C691324CFB0AAE89D443C796D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074634Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:21.845{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36126254EFD394E208D1F8332E888CEB,SHA256=F6E52DB9D9111995A28576FA7E5D4A55F2D724BA7C5CB450F3AC419D9D79375E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032294Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:21.163{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37A06878825FE86287481FA07449E225,SHA256=0541C95F358BA9CB1BDB090036D06545CFE0F3B3054CD2659CB10162E1E75F3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074637Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:22.993{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=F78F07888E984F4D76B52DA05810A381,SHA256=6C606E909C146D20B187E11DF7E34A207C1EAF6559DC303C56EF144D7AC96FE0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074636Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:21.250{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63384-false10.0.1.12-8000- 23542300x800000000000000074635Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:22.851{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45BB1FF0A03E583775FC96C6605F10DB,SHA256=29E71411886AAA55B4F7A66C048210861730DBDF5D1A2AFA0589867F25A1FDD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032295Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:22.179{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAD67AE3FD39AACADF85F059B5751970,SHA256=6D08C60F38F33676DBE3BAA295EBE9EC16E062017CFA155696FB0F0DC8395B7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074638Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:23.857{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94BA4EB8AD5D45D0D3F88FB89E9D1B12,SHA256=429DBC99010D24D1818464184407251CA7B1F09C6228BF83195B3E80FE18DE82,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032311Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.757{50946567-2FC7-60EC-2F05-00000000DC01}29603368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032310Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.585{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2FC7-60EC-2F05-00000000DC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032309Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.585{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032308Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.585{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032307Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.585{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032306Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.585{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032305Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.585{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032304Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.585{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032303Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.585{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032302Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.585{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032301Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.585{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032300Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.585{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2FC7-60EC-2F05-00000000DC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032299Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.585{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2FC7-60EC-2F05-00000000DC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032298Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.586{50946567-2FC7-60EC-2F05-00000000DC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032297Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.397{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=8EBD7604CBA9403EFA42C8533482D623,SHA256=4C0950AC69F40299E9F4AACBF8A4A4D7F546985C8EAA9455CE91C19D4F599F24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032296Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:23.210{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE5150DA0C1EB9598321A26A1743006D,SHA256=E0BD017664A0F8ADA155F8C8188B6999B30C977AF0592DA78A5E7AB16CFC1A56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074639Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:24.862{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15C5F668053D0FDE3F7645B10363BA46,SHA256=555C0B4D4F5793A50DA8C05CC1C5BA5D2954B3B9E8AA9A4C4153750E77B349EA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032341Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.929{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2FC8-60EC-3105-00000000DC01}1668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032340Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.929{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032339Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.929{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032338Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.929{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032337Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.929{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032336Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.929{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032335Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.929{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032334Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.929{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032333Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.929{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032332Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.929{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032331Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.929{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2FC8-60EC-3105-00000000DC01}1668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032330Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.929{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2FC8-60EC-3105-00000000DC01}1668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032329Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.930{50946567-2FC8-60EC-3105-00000000DC01}1668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032328Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.601{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A6EA0D67BB969EBF6D7DF43545CBEE3C,SHA256=959A4F282F3691C42472056534E6F565BB31634C43039FEEB8EF0BC6EB8F0145,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032327Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.601{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1A2A7065EDB7AD08216D188EE810D79A,SHA256=8B4001CFADA81DE4AD2A1A0F7E2DAC3C0722325277278221AB6D940E23391A3F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032326Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.445{50946567-2FC8-60EC-3005-00000000DC01}20681964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032325Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.398{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0D1AAFC8D8419C47BBF822D26E76E02,SHA256=48AA975EEB0384E24242B92E3133518B2772895D9EA2B8C793EDBD5469331A94,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032324Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.257{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2FC8-60EC-3005-00000000DC01}2068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032323Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.257{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032322Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.257{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032321Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.257{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032320Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.257{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032319Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.257{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032318Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.257{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032317Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.257{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032316Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.257{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032315Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.257{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032314Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.257{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-2FC8-60EC-3005-00000000DC01}2068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032313Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.257{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2FC8-60EC-3005-00000000DC01}2068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032312Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.258{50946567-2FC8-60EC-3005-00000000DC01}2068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000074641Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:25.867{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC0E1F9953EAB7089C8D7C357525CCFA,SHA256=8271B4BAAE8A4F1C298D9FE935F30F9F44EF1592E48951EBC74FBB0A9CEC23A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032356Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.945{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A6EA0D67BB969EBF6D7DF43545CBEE3C,SHA256=959A4F282F3691C42472056534E6F565BB31634C43039FEEB8EF0BC6EB8F0145,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032355Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2FC9-60EC-3205-00000000DC01}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032354Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032353Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032352Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032351Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032350Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032349Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032348Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032347Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032346Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032345Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2FC9-60EC-3205-00000000DC01}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032344Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2FC9-60EC-3205-00000000DC01}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032343Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.601{50946567-2FC9-60EC-3205-00000000DC01}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032342Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:25.429{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94DE528FF993D55B31673B01A88B152A,SHA256=D9FEAACA26550D27D6DA278CB8A0345D75EF991D8B2FA5C6BC49B16494F3596A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074640Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:25.036{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074643Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:25.159{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63385-false10.0.1.12-8089- 23542300x800000000000000074642Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:26.876{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6D1080709638034A5FC46604D7CE926,SHA256=8FC9EDC92085BBC05B268999531BFF5B295131F3BA22B17578FF7DC8EAE780AD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032372Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:24.437{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51582-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032371Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.585{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEBBCD15341DE60278BA03D927936E89,SHA256=B0D75C65001492A84BA48EE142407D114AE4A98479B1BBD427861B93BF4E4B87,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032370Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.429{50946567-2FCA-60EC-3305-00000000DC01}16163876C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032369Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.210{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2FCA-60EC-3305-00000000DC01}1616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032368Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.210{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032367Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.210{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032366Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.210{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032365Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.210{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032364Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.210{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032363Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.210{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032362Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.210{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032361Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.210{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032360Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.210{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032359Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.210{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-2FCA-60EC-3305-00000000DC01}1616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032358Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.210{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2FCA-60EC-3305-00000000DC01}1616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032357Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:26.211{50946567-2FCA-60EC-3305-00000000DC01}1616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000074645Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:27.884{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48101B586AE196A12E4B21F654C5B2D5,SHA256=DDDA801DDAD3AAA0643732E16E6A12353411C710C81187A67A083ED45AF04123,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032374Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:27.819{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47ED0D8037274BC4B6FFEB053A707AC0,SHA256=678A70B45F2ADB1BED210A2A55D971B3F67B621799F7714872707D80703C955E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000074644Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:27.382{8057F119-2DED-60EC-B409-00000000DB01}8628C:\Windows\system32\cmd.exeC:\Users\Public\Evil.hta2021-07-12 12:04:27.382 23542300x800000000000000032373Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:27.226{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9AD4ADAC4043C85E1CE082247D8F5476,SHA256=2943221B7659BD30B2EFBDA2264AC6FEB813B6AF79BCC9F2CE7E16128F99DCF6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074647Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:27.145{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63386-false10.0.1.12-8000- 23542300x800000000000000074646Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:28.891{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C90F6108F601CC1B07C0B332B204DB7,SHA256=452DC7FB55E66BC8EBEDAD03FEE6A946B4141A4EEFC00EBED6979FA57CEA841A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032401Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2FCC-60EC-3505-00000000DC01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032400Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032399Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032398Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032397Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032396Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032395Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032394Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032393Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032392Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032391Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-2FCC-60EC-3505-00000000DC01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032390Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2FCC-60EC-3505-00000000DC01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032389Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.726{50946567-2FCC-60EC-3505-00000000DC01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032388Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.444{50946567-2FCC-60EC-3405-00000000DC01}34243224C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032387Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2FCC-60EC-3405-00000000DC01}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032386Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032385Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032384Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032383Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032382Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032381Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032380Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032379Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032378Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032377Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-2FCC-60EC-3405-00000000DC01}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032376Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2FCC-60EC-3405-00000000DC01}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032375Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:28.226{50946567-2FCC-60EC-3405-00000000DC01}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000074648Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:29.898{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCB81DD430AFEE9F6650BCA784BD5E96,SHA256=62AEF00A0409EDCCA01FB1C7E00D1CEAD82283158DECAF92815855616B927F84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032403Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:29.241{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5259F303879F4F79349119CFCA87C5C6,SHA256=6D3AC1A549A5AE307701FB8E39F6A6D4BBB8CF79126FB0F1A10A0AD54A79362A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032402Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:29.101{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD844368ADD22F19EC9C9CCC8313A6AB,SHA256=7D76B4FDE5ED6DB4AE4DE795EC63579BC70FED9C018D4D2BBBC91ACDD390F391,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074649Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:30.913{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1D869D12D6D2E82CA4988055217CB50,SHA256=8B368E977EA37247F005E5AF62F2D8EDECA9210B2A4E28FAEFEDC344D03AF8C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032404Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:30.257{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A972A0666A0074EC9035E4CAE5D06072,SHA256=65B05F489FE3BA177B34934F808E584048D5C9B8011F6489F6995EDBE9F47DC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074650Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:31.918{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF1AD2F9A0F0E56B175132CB5E808A4D,SHA256=D343B8A4B438380071297FA1F5AC3BDC2ECADCA702721A3F29C10439E2371FC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032405Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:31.491{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=187168431BD279DF363219F76B5E3CD6,SHA256=A048B2A86F731FBD3BA0CA2150ED17D01BA2AA3D4ECD18AADBB0E2AB0E6509E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074651Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:32.921{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAB822DF241F9A04ED349896A6877FDB,SHA256=FFD6E45068B0C4028C7990F99157791845F1BF583D466E6B3D41F235A28552BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032406Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:32.507{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF35BBC605D7D7BCE2BC23E70FBD219A,SHA256=5FD6EC266E41D93FFA495DD272B7E959E69B723C4AE2E68C832028091A4F2285,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074653Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:32.243{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63387-false10.0.1.12-8000- 23542300x800000000000000074652Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:33.938{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A47B1B17631EB40FB46940F263F5964,SHA256=7441BDB4991FEC6557E8AD6FB65E35358C3CFB87C7C6517B229C100BA0B820E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032408Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:33.511{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A9D3EA4AA8886059626D0098DA9B75E,SHA256=51EEB9B5B8BA8AC1E39D3A852E444CEDDD670A6CB2613AE83E1BBAE0E72CBF32,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032407Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:30.468{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51583-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000074654Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:34.969{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A77C2DF4DFBB9BA1940A310A8AE2442,SHA256=0A0E5272456B163B2DF6EFB53A2705656A799A9B9EF45EAA9CA9550C781B0941,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032409Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:34.683{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A36BB7ECFACF3E519244BF1D807D844B,SHA256=9BA85F76E436C4380A99734C49CD314CB086E1490DDE9ABF89CAD01E6E1B68C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032410Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:35.917{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07A7007D87012A15D45C3F9CE72363CF,SHA256=0C728043397B179C9DCADDB19011109F65390D5B5ED0162956A367F3B110C809,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074655Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:35.999{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=264A4AA667E762408B13205A8A3CF99B,SHA256=97B3F7123E286CC61C55141159653636E9DD05E4982D5B0989FD07F8ED7CFC02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032411Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:37.152{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E38C04F63C4B5209A1BE12B3DD4321E,SHA256=432C374B3665973127B18C4A9BA4A126392E404502DBC648D053001CD79ED5EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074656Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:37.019{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37B8743113DE8A1AFA00FE93F1310293,SHA256=D771C606A937C2DE2CFDF770160B80178BEB828EEE6C492545883EA697F24C73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032413Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:38.245{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E09128C01B4A62B8D7FB1A5E2D88D6EA,SHA256=07927E481491DA66E5D00D9782F4A125941B983CAA3F441EDA670D46045ED852,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074661Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:37.352{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63388-false10.0.1.12-8000- 10341000x800000000000000074660Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:38.420{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074659Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:38.398{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074658Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:38.398{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074657Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:38.036{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C13BBC6A3DF7356270E6A77AA0AED875,SHA256=9A599BACD91DBCC111FFDEAABB52D4CB94C231C1B9E92C1950C0A9B055D1100A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032412Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:35.566{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51584-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032414Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:39.246{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2596F003DC85A24882064BA73DC23B3D,SHA256=F23D669F317E7C3B5C0BB36F2638582DF34ED92995A40293BD4821C14E0C3E7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074662Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:39.067{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F24DF66B25BE42D29FBA801CEF62782,SHA256=0E9BA7514DD505B6E49F151B368E04C0393FE1E3D68BE8380C69D4407401F06D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032415Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:40.386{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D72DABDBAC614141C402E42B101E3A6,SHA256=9BAB8D3EBB6756D7B4172F5C4A868F0FB0371749747B4B909A736CF7D0273A49,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074667Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:40.567{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0,IMPHASH=60006258D4DE87B31BEDA805A8CC8040trueMicrosoft WindowsValid 734700x800000000000000074666Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:40.498{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\mydocs.dll10.0.14393.4169 (rs1_release.210107-1130)My Documents Folder UIMicrosoft® Windows® Operating SystemMicrosoft Corporationmydocs.dllMD5=999FD44CF5713852E6083A43A7917761,SHA256=D5C75951C29B7F0AAA4EC9E9AB3195933E650C1F171092F389FD4DB66CA1CA20,IMPHASH=D1267CC8F49B54A66A0034D2C4452E93trueMicrosoft WindowsValid 734700x800000000000000074665Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:40.498{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\sendmail.dll10.0.14393.4169 (rs1_release.210107-1130)Send MailMicrosoft® Windows® Operating SystemMicrosoft CorporationSENDMAIL.DLLMD5=04626525E567811FC7ECB3E31D94F8B0,SHA256=678A3A9DD713DC61F72112BD3160B8753F1A50D1179FDFABD265C32103980A6A,IMPHASH=52DBB027F849F4DB11CB3C2B56C0E9FBtrueMicrosoft WindowsValid 10341000x800000000000000074664Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:40.498{8057F119-08A1-60EC-1400-00000000DB01}10762196C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074663Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:40.082{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB5B0EFBD89EBB5349C95073A73A90F5,SHA256=5890DA514A39B754634A3D8BEB49116E610253C651EFB8244068C8A03CD52952,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032416Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:41.402{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=011C1365047FA911A9A4CC2DF43858E7,SHA256=8B8CE3D16516C8192F25DEDA5332F542BE4B863A92BD958424D70E1909BF9706,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074715Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.719{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-2CDB-60EC-8009-00000000DB01}9640C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074714Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.719{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-2CDB-60EC-8009-00000000DB01}9640C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074713Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\wininet.dll11.00.14393.4467 (rs1_release.210604-1844)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=2155253CEE186286631247CCF3C7D138,SHA256=AA97CAF5AE292D467421116F9DB4A84008A6ED868F1ADDBE06585BF3FCCEB476,IMPHASH=B3ABC7D59C2B1ACAEECA63C53B0AAC4BtrueMicrosoft WindowsValid 734700x800000000000000074712Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000074711Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000074710Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000074709Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000074708Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msimg32.dll10.0.14393.0 (rs1_release.160715-1616)GDIEXT Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationgdiextMD5=78DA58DF85F86CA61E5EAFB9EF0A83BE,SHA256=3216205F5C355D582EC4B902651B62E1FF3EFFDCA40BC849D474F13F1325E962,IMPHASH=2E671B0A6A313B7E8765124B944DA4FEtrueMicrosoft WindowsValid 734700x800000000000000074707Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\SensApi.dll10.0.14393.0 (rs1_release.160715-1616)SENS Connectivity API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSensApi.dllMD5=DF734E991C205DC633582B8B5AD0E030,SHA256=68282D0183F3E580EF854BA0EA43686B9CD2ABA8DE61CD867224AC29C237E364,IMPHASH=E3903CEFE38192F3F5179F174FE5A2EAtrueMicrosoft WindowsValid 734700x800000000000000074706Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\comdlg32.dll10.0.14393.4283 (rs1_release.210303-1802)Common Dialogs DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcomdlg32.dllMD5=0DB1A588A248E852AD781AE14333A5C6,SHA256=6F9C36C2663B90439A1AEE74855C521FCBBDB8C7B88382C9464906F1691F65F6,IMPHASH=06716A63D3E6F97CB489B0D6810B3519trueMicrosoft WindowsValid 734700x800000000000000074705Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000074704Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 734700x800000000000000074703Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=D8CD8451D1E194230F18866AD6EFE5E7,SHA256=9977AA1287962035C24DF806DDA67F09FFE9BDF696DBA507D749C624AE1C178D,IMPHASH=EC9695F0DF1F52E9D439A942DBDAA111trueMicrosoft WindowsValid 734700x800000000000000074702Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000074701Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x800000000000000074700Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000074699Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000074698Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000074697Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000074696Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000074695Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000074694Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000074693Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000074692Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000074691Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000074690Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 734700x800000000000000074689Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074688Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.619{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000074687Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.613{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000074686Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.613{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000074685Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.597{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000074684Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.597{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000074683Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.597{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000074682Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.597{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000074681Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.597{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000074680Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.597{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000074679Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.597{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000074678Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.566{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000074677Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.566{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074676Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.566{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exeC:\Program Files\Notepad++\notepad++.exe8.11Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exeMD5=3433991765511375D3EC11B4FE290298,SHA256=B30DDA913768A864106485E51682E90286D320023221F5676A42CC9B914A11F8,IMPHASH=B65402F137E08F6E43CEEF2CF25E0CC2trueNotepad++Valid 10341000x800000000000000074675Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.566{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074674Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.566{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074673Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.566{8057F119-21B7-60EC-3B07-00000000DB01}55124040C:\Windows\system32\csrss.exe{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074672Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.566{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074671Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.566{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074670Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.566{8057F119-21BD-60EC-4B07-00000000DB01}58805432C:\Windows\Explorer.EXE{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Notepad++\NppShell_06.dll+4449|C:\Program Files\Notepad++\NppShell_06.dll+46a6|C:\Windows\System32\SHELL32.dll+80337|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\SHELL32.dll+16d60c|C:\Windows\System32\SHELL32.dll+19e7e8|C:\Windows\System32\SHELL32.dll+2844a3|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07|C:\Windows\System32\SHELL32.dll+16d8b0|C:\Windows\System32\SHELL32.dll+16ad2e|C:\Windows\System32\SHELL32.dll+737a1|C:\Windows\System32\SHELL32.dll+76686|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53 154100x800000000000000074669Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.514{8057F119-2FD9-60EC-FD09-00000000DB01}6988C:\Program Files\Notepad++\notepad++.exe8.11Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exe"C:\Program Files\Notepad++\notepad++.exe" "C:\Users\Public\Evil.hta"C:\Windows\system32\ATTACKRANGE\bob{8057F119-21B7-60EC-6B46-520000000000}0x52466b3MediumMD5=3433991765511375D3EC11B4FE290298,SHA256=B30DDA913768A864106485E51682E90286D320023221F5676A42CC9B914A11F8,IMPHASH=B65402F137E08F6E43CEEF2CF25E0CC2{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\Explorer.EXE 23542300x800000000000000074668Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:41.097{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F45315C363EA10DCB9FF8AFC9A68D53B,SHA256=FD44463EDAC4459AD87AA0699A0E860B78E4FBAF099D98231F905AAAC6778045,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074718Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:42.535{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3ECA9D2C2D78895141986688246600FD,SHA256=C6116E6A0FACE0E984BBDFF9A499CC97BDC4C18F73F0A959DF6A7F8D43E7F2B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074717Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:42.535{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5599F32336098CC27522D9B52DF0DBD5,SHA256=FE63DBA9CB5D63144F5A9FCBF9A383065B3545765982BE4C6E54BAF699A46E8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074716Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:42.382{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9B63625E9572A686D3194A56DE1B1A9,SHA256=2B58319FD1C909BAD07BCF07C5D2C199756C5C74A442EB343DD80E042EE82916,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032417Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:42.417{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62B8C2B444421309B7E3603B930C1D2C,SHA256=5D18383B8FEF40B444C51F8E76A2B9B95DAF4C9F06DD843740A495022032C561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074719Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:43.396{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCF27443DB0543750328D5C40FA37886,SHA256=E1C2F1232AAFE2EC339BD7D17388B5B002332DEF9D99DAFBEBB4BADF12BBBAF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032418Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:43.418{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9295B469A440CDE90826FDB4EB5AC932,SHA256=3303671014AA5DF71338D888127CEDB144AC97186E89D6495AAF4606ACB8073E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074720Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:44.416{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7488A7C89E98E5586025D210DA848317,SHA256=C8E1560FC2DD9E927756D5EDCC3784F2AA70205E69AFC046118AAB41428BC032,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032420Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:44.433{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B40AD790455516E487A1579CFC82E48,SHA256=CA992EE0FEB1F907E6D2CBD3B5BF0637BEC45F5C9170731DE27404E172FCC418,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032419Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:41.550{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51585-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032421Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:45.448{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26D0ABAC170AF835FD0CB11418E7B3D4,SHA256=692A92E668AF9AC9D8DB57584796E5F875737AE049B7AF8B02976C8AAE7EC81C,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074775Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.948{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000074774Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.948{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000074773Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.948{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000074772Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.948{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000074771Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.948{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000074770Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.948{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000074769Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.948{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000074768Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.948{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000074767Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000074766Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000074765Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000074764Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000074763Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000074762Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000074761Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000074760Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000074759Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000074758Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000074757Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000074756Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000074755Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000074754Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000074753Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000074752Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000074751Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000074750Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000074749Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000074748Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074747Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000074746Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000074745Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000074744Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000074743Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000074742Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000074741Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000074740Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000074739Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000074738Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000074737Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000074736Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000074735Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074734Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000074733Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000074732Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000074731Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074730Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000074729Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074728Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074727Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074726Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074725Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.933{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000074724Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.934{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x800000000000000074723Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:04:45.549{8057F119-08A1-60EC-1000-00000000DB01}100C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d77716-0x1aedcd18) 23542300x800000000000000074722Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.433{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65910196D169003280212CE19E6597CA,SHA256=D742631E0D78817FFC67F703DB1A59A1A47F935600BBB989D1AB54841D67DA04,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074721Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:43.302{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63389-false10.0.1.12-8000- 23542300x800000000000000032422Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:46.683{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A98A7D638C9FAA0A12D2A90264160B62,SHA256=C354E1318594F28BB58C6270732006669241F1666A5D66D8FC1FA54D572EC09C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.951{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3ECA9D2C2D78895141986688246600FD,SHA256=C6116E6A0FACE0E984BBDFF9A499CC97BDC4C18F73F0A959DF6A7F8D43E7F2B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.919{8057F119-2CDB-60EC-8009-00000000DB01}9640ATTACKRANGE\AdministratorC:\Program Files\Notepad++\notepad++.exeC:\Users\Administrator\AppData\Roaming\Notepad++\session.xmlMD5=DEF03FFC99A2AD93C1E3651E2F21D53A,SHA256=EBC040FF291FC703D2371683E4F23254DA1A6F46141EE1EE0A62B81339570C3B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.650{8057F119-2FDE-60EC-FF09-00000000DB01}82485788C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.650{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000074828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.650{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000074827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.550{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F04DC86D72C6396F37313D6E57C65201,SHA256=B995A80CB01916A870816204F2C50EA86DCB4076BDDB97E573B64B832F83BB9A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.465{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000074825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.465{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000074824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.465{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000074823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.465{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000074822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.450{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000074821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.450{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000074820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.450{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000074819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.450{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000074818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.450{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000074817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000074816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000074815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000074814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000074813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000074812Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000074811Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000074810Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000074809Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000074808Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000074807Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000074806Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000074805Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000074804Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000074803Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000074802Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000074801Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000074800Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000074799Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000074798Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000074797Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000074796Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000074795Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000074794Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000074793Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000074792Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074791Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000074790Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074789Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000074788Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000074787Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074786Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000074785Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074784Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074783Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074782Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074781Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074780Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.434{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000074779Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.435{8057F119-2FDE-60EC-FF09-00000000DB01}8248C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000074778Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.218{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000074777Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.218{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000074776Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:46.218{8057F119-2FDD-60EC-FE09-00000000DB01}10192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000032423Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:47.917{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4674048937ABA872CDFE4C931BDBE0D,SHA256=3416CCD64128D55575FB14F1523800A90A80211A03946B0E0D9ADE4CADDED759,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.451{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D044DB9B774591D1560F5EDD041F325,SHA256=E4171553A97BF54A4385293A64CEB4A25EF1B69F3D64F592CDB59D69D52BE935,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.366{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000074884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.366{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000074883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.366{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 354300x800000000000000074882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:45.669{8057F119-08A1-60EC-1000-00000000DB01}100C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-89.attackrange.local123ntpfalse20.101.57.9-123ntp 23542300x800000000000000074881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.151{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71E85D4399E11A43FAD0AE9CCFCFAEB4,SHA256=FBB574F40B07A368D60B45B22047659ECBB5F5264442BED76F71D4CC005CE69A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.119{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000074879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.119{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000074878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.119{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000074877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.119{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000074876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.119{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000074875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.119{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000074874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.119{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000074873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.119{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000074872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000074871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000074870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000074869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000074868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000074867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000074866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000074865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000074864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000074862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000074861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000074860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000074859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000074858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000074857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000074856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000074855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000074854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000074853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000074852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000074851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000074850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000074849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000074848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000074847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000074846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000074845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000074844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000074842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000074841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000074839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.097{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000074833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:47.098{8057F119-2FDF-60EC-000A-00000000DB01}9732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032424Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:48.980{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9481220680DC162E4280554A8AE5E3F2,SHA256=178C903C5CC6BA1A2112B2454553A7F37D33FB612CCF43D2CC384C93AD5DF7B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:48.452{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65CEA5208BDC8A3C58FD48BC217DFDC6,SHA256=BA4B85410F473584EDFFC6179279639617E9E32DE80B185AEF23EDCECF21C950,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:48.099{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6A7DF162E2136BACE1A61FB54AE6FCA2,SHA256=4509EB6DEB558B069417D6B52C1B8788A6F2E80034C12E33A6E4BD17853A3160,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032425Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:47.519{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51586-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000074949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.699{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DADE0D8CE9FA94914A7E99DD4B29EF51,SHA256=02FC1BCC0D5ECFF6726E3FD83CE94C2CACFC1C065BB86679B589D11704A0B67A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.618{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000074947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.617{8057F119-2FE1-60EC-010A-00000000DB01}93048012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.617{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000074945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.616{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x800000000000000074944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.552{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1549f7|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000074943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.552{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+154962|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000074942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.552{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 10341000x800000000000000074941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.552{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f 23542300x800000000000000074940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.552{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF996b06.TMPMD5=D02E65C42AD32F3ABC147AE7AB968251,SHA256=E8818DF00616D25228108A1EFC74316126A1FE625A120883CCA21C9468504286,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.499{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\aborted-session-pingMD5=70A5EAE5D52E6CCBE39E474C515BB4EF,SHA256=69DB778A5189CF835925AC5D38C213E9B50D33E0FA3F665765EFBF4C236245CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.436{8057F119-2CDB-60EC-8009-00000000DB01}9640ATTACKRANGE\AdministratorC:\Program Files\Notepad++\notepad++.exeC:\Users\Administrator\AppData\Roaming\Notepad++\backup\Evil.hta@2021-07-12_120446MD5=C296E61AB180DBCFE81AD18681553A7F,SHA256=29E13063C9A1D28273197E16021AABC4F2D1C590AFA5C5A2598E5D53D97E13A7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000074937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.436{8057F119-2CDB-60EC-8009-00000000DB01}9640C:\Program Files\Notepad++\notepad++.exeC:\Users\Public\Evil.hta2021-07-12 12:04:27.382 23542300x800000000000000074936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.436{8057F119-2CDB-60EC-8009-00000000DB01}9640ATTACKRANGE\AdministratorC:\Program Files\Notepad++\notepad++.exeC:\Users\Public\Evil.htaMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.383{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000074934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.383{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000074933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.383{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000074932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.383{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000074931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.383{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000074930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.383{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000074929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.383{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000074928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.383{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000074927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000074926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000074925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000074924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000074923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000074922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000074921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000074920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000074919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000074917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000074916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000074915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000074914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000074913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000074912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000074911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000074910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000074909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000074908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000074907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000074906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000074905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000074904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000074903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000074902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000074901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000074900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000074898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000074897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000074895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.368{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000074889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.369{8057F119-2FE1-60EC-010A-00000000DB01}9304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000075056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.903{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000075055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.903{8057F119-2FE2-60EC-030A-00000000DB01}62329404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.903{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000075053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.903{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000075052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.719{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000075051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.719{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000075050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.719{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000075049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.719{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000075048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.719{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000075047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.719{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000075046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.719{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000075045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.719{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000075044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000075043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000075042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000075041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000075040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000075039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000075038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000075037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000075035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000075034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000075033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000075032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000075031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000075030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000075029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000075028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000075026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000075025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000075024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000075023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000075022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000075021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000075020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000075019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000075018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000075017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000075014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000075012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.703{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000075006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.704{8057F119-2FE2-60EC-030A-00000000DB01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000075005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.518{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000075004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.503{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1792F14CD0A23C87BF00FE64DE3B4A8C,SHA256=407073DDD05D0C5F85E98F9FCC55FBCA9FEDEB7AEB16D9990A20FCA374024ADC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032426Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:50.011{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96EA27B62DBC6D832D647DD91BAFC0EC,SHA256=09A4BC431C716C3CCE29C57A2274AD8E96AD43BD2441959AA888BA47CAB60BD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.387{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EA830766B767FA2442AF124E5A156605,SHA256=C9E053E93970B535F6C3E0304882C31FDC3204DED93589704921F847DBF5B007,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.349{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000075001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.348{8057F119-2FE2-60EC-020A-00000000DB01}71245572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.337{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000074999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.335{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000074998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.317{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04F45D0B08DBEFEEA5ACC1003571659D,SHA256=373D650DC583E23A31D9FD13C42FB537D8AF077EE6AE8D46304116C48A2FBDDE,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000074997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.067{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000074996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.067{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000074995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.067{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000074994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.067{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000074993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.067{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000074992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.067{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000074991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.052{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000074990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.052{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000074989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.052{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000074988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000074987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000074986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000074985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000074984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000074983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000074982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000074980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000074979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000074978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000074977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000074976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000074975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000074974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000074973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000074972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000074971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000074970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000074969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000074968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000074967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000074966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000074965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000074964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000074963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000074962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000074961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000074959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000074958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000074957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000074956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.036{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000074950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:50.037{8057F119-2FE2-60EC-020A-00000000DB01}7124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000075065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:51.706{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CE4F3A042BF93C25B69B024F60CDE35A,SHA256=35CE162D38C38C3669DCD630B8BA07068F34B2033EB66B6C76EDFB833FD46E9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:51.638{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B519B7FE5A978654794DBC007A05484D,SHA256=30F7509876166A02752A91210D3E6E536D213D0F6D4B42AE303052D8DDC11BB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032427Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:51.027{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44D8CFD12C6544E82C7D1EE1D753206D,SHA256=895508477C2A5884B7A7A8863F73621D838170E73F67A670C583AAD2E25E9735,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000075063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:51.219{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\AlternateServices.txt2021-07-12 11:09:51.159 23542300x800000000000000075062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:51.219{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\AlternateServices.txtMD5=2CA0F1EDA2D6B41035E4AF051B96CA7E,SHA256=29F4BB746E974B1FF63A6F1F9279483C311225846E2681F547780184092448AC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000075061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:51.150{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\SiteSecurityServiceState.txt2021-07-12 11:09:51.081 23542300x800000000000000075060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:51.150{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\SiteSecurityServiceState.txtMD5=A25B8A0102A82D03A595D9211F584FE5,SHA256=2C02D20E984D6AA4D589AD3829E2C0C64286CC30A551D21F4EE826B89CF2E891,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000075059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.871{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63391-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000075058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.871{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63391-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000075057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:49.271{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63390-false10.0.1.12-8000- 23542300x800000000000000075066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:52.670{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4ADC8516D52E7BC0645B6EA4D4746BCA,SHA256=7F42A8EEA1A44A44D0D2D075F82B096271135AA6D564AA0888FBC3C80B1E8DA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032428Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:52.042{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A693E7E3D0D01277C7D15CA392BB4D88,SHA256=7E532222944FC6A55E3D09A986BBBE972D85F7893887384282646B6ED8211CA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.972{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FA23A289CAFEAEA82CA11B31449595F,SHA256=2FF501B04255500527F912FF4FAC053EC7A6B547C782978BB98FB89BC07281EA,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.891{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0,IMPHASH=60006258D4DE87B31BEDA805A8CC8040trueMicrosoft WindowsValid 734700x800000000000000075119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.853{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\mydocs.dll10.0.14393.4169 (rs1_release.210107-1130)My Documents Folder UIMicrosoft® Windows® Operating SystemMicrosoft Corporationmydocs.dllMD5=999FD44CF5713852E6083A43A7917761,SHA256=D5C75951C29B7F0AAA4EC9E9AB3195933E650C1F171092F389FD4DB66CA1CA20,IMPHASH=D1267CC8F49B54A66A0034D2C4452E93trueMicrosoft WindowsValid 734700x800000000000000075118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.853{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\sendmail.dll10.0.14393.4169 (rs1_release.210107-1130)Send MailMicrosoft® Windows® Operating SystemMicrosoft CorporationSENDMAIL.DLLMD5=04626525E567811FC7ECB3E31D94F8B0,SHA256=678A3A9DD713DC61F72112BD3160B8753F1A50D1179FDFABD265C32103980A6A,IMPHASH=52DBB027F849F4DB11CB3C2B56C0E9FBtrueMicrosoft WindowsValid 23542300x800000000000000032429Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:53.058{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8EEE13A10BC020AEA9F0A62ACFD18D7,SHA256=152872BAE0EF98810F5A6428592E1D00C6AC8A995B37A6112A24C614023457D7,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.421{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000075116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.421{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000075115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.421{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000075114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.189{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000075113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.189{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000075112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.189{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000075111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.189{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000075110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.189{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000075109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.189{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000075108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.189{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000075107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000075106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000075105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000075104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000075103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000075102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000075101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000075100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000075099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000075098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000075097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000075096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000075095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000075094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000075093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000075092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000075091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000075090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000075089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000075088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000075087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000075086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000075084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000075083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000075082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000075081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000075080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000075078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000075075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.174{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.173{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000075073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.172{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.172{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.171{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.171{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.171{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.170{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000075067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:53.169{8057F119-2FE5-60EC-040A-00000000DB01}8412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000075123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:54.890{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC02B77ED1AA859C0093692B1ADF3187,SHA256=A27E06986843FBFA6427BADA0491AD1BFD830D4D08416575F738F4EA42CF84F9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032431Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:52.535{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51587-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032430Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:54.063{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=064BC5D41B8ED5B4B1529F5095F3CDBC,SHA256=B5A799F93DF0F46AB7BFE4A708477D16ED83E0516778577FE6522D084E82021F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:54.190{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0828BF860237E616180D3A8C111268B3,SHA256=69006A601D51AABC37929D0AD49A18A2BDAE6A23CEE6A150EB235526112BAD6A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.974{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\ninput.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft Pen and Touch Input ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationNINPUT.DLLMD5=BF084D22F7064E686F9BBAC541C680B5,SHA256=ED2E99746A98BAB14B5B565E5D3F092143AA2D8BD0CBD08FE047B64AEF5EF440,IMPHASH=ADED91AA394AD8A3D54B5A54F35771D4trueMicrosoft WindowsValid 734700x800000000000000075295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.974{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\globinputhost.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows Globalization Extension API for InputMicrosoft® Windows® Operating SystemMicrosoft Corporationglobinputhost.dllMD5=B92070EB12AF4C292155EBB155A0B6C3,SHA256=F155CFD56DC7199F16377259C55C0E8A26662A81588264F01D0E1F1387721DDC,IMPHASH=AB0E9B104017117F7BE18F3C6AAC279AtrueMicrosoft WindowsValid 734700x800000000000000075294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.974{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\msftedit.dll10.0.14393.4169 (rs1_release.210107-1130)Rich Text Edit Control, v8.5Microsoft® Windows® Operating SystemMicrosoft CorporationMsftEdit.DLLMD5=0278F6675C79A2013494CDDDCFD6C7B3,SHA256=14F536EB288788586C90DE568BAB6C113D3F4CCD0EE732A17D438A23B225720A,IMPHASH=7C36F76BEB38B735155D539BEBF60532trueMicrosoft WindowsValid 23542300x800000000000000075293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.953{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE6FCDC70E9254790A54AB0D0062F660,SHA256=4E2568D6CE5661BB93DA1CB3FDD3899AD9BF7FFF8183F143CE18A02112EB56AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.906{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=917979ED006B013C96125D2C92184C0F,SHA256=2F6677B941D0BC9A896C66D36140F6D97B4F293901B8D92D5F26C97C2796FEB2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.890{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.890{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.890{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.890{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.890{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.890{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.890{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032432Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:55.094{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF9005E0B60CDB0FEFB0825061F2DC41,SHA256=8D8FD8B6553E22BF0686A82E2D48BFAD070B3D97E630E3A67396B7B198C6F721,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.875{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.875{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\wlidres.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft® Windows Live ID ResourceMicrosoft® Windows® Operating SystemMicrosoft CorporationWlidRes.dllMD5=924564C6374F361B38AF73212C520FC0,SHA256=91FEB10B955D69A7B758EFC53C7E51A1EDE9B875F823DC41B04356CA62133D77,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000075282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.875{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.875{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.875{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\WinSCard.dll10.0.14393.2273 (rs1_release_1.180427-1811)Microsoft Smart Card APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwinscard.dllMD5=85E2B5FCB057B0476687CCFE28E589A5,SHA256=4B99A7709FAC8E9CF95AA186651BE455C0998414E2D2D807DF1B000EB26FBD15,IMPHASH=8E9831D203C36A499228D7F02C6B90D8trueMicrosoft WindowsValid 10341000x800000000000000075279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.875{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.875{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.875{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.875{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.875{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.872{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.872{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.872{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.853{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\shacct.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Shell Accounts ClassesMicrosoft® Windows® Operating SystemMicrosoft Corporationshacct.dllMD5=6C3405DC9DB5740B6B2AD3AF67031A2E,SHA256=223153AF2A71D3549CCE25D3EAA294DD44471EA8A0733E5AC1EFD7D99D03886E,IMPHASH=F9EDABA9B540C273AC125BA9D119C3AAtrueMicrosoft WindowsValid 734700x800000000000000075258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.837{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\mfplat.dll10.0.14393.4169 (rs1_release.210107-1130)Media Foundation Platform DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfplat.dllMD5=6B3DD2386B60D0003B3A0A1AE706A9C5,SHA256=2DF94FA3C88D5D8AB5A981C0182263B5D8161CE0F96687D2DF7892EB4F25104C,IMPHASH=4B0B41F559164385A004BCC689586F63trueMicrosoft WindowsValid 734700x800000000000000075257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.822{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\mfsensorgroup.dll10.0.14393.4169 (rs1_release.210107-1130)Media Foundation Sensor Group DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfsensorgroup.dllMD5=7CB78A0BF4D6AEA6A4C367DFC7645CD0,SHA256=5504F29CAE19AF9A98D65508A350F518AEA1C66235029B1881CA765146E92D99,IMPHASH=86C22AEFE3E4067CC0F34A1D80C38807trueMicrosoft WindowsValid 734700x800000000000000075256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.822{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\RTWorkQ.dll10.0.14393.479 (rs1_release.161110-2025)Realtime WorkQueue DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationRTWorkQ.dllMD5=1EABA23A7305A232C9A16C14806ED091,SHA256=3AD1A84A56EE0DA68B40D40770787FEED3DCF4A74BE172F01BD837FD680396E6,IMPHASH=41E263D9EB0100A59E34B18CF8F6F725trueMicrosoft WindowsValid 734700x800000000000000075255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.822{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Media.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Media Runtime DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Media.dllMD5=D99A463FD833B801A943698AC8AF81EB,SHA256=224405AC2CEFCFBB5E2AE3D98E9A5895BB2C39C128759E2FBCC3E84335E4E6D9,IMPHASH=88691B5201F0FCC6E05D2593797A195AtrueMicrosoft WindowsValid 734700x800000000000000075254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.753{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\samlib.dll10.0.14393.0 (rs1_release.160715-1616)SAM Library DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMLib.DLLMD5=4C413FEDB1B88DA18059890CE0BC95D1,SHA256=FAD279CE82D1616A533D6E5D3A20543B51FDBDDE4C764E09F6A01C8B0E44218A,IMPHASH=BF11630905AADA27934CD5411323FA5BtrueMicrosoft WindowsValid 734700x800000000000000075253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.753{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\DevDispItemProvider.dll10.0.14393.0 (rs1_release.160715-1616)DeviceItem inproc devquery subsystemMicrosoft® Windows® Operating SystemMicrosoft CorporationDevDispItemProvider.dllMD5=CCDEFAE1F31F9F9AED64686A143D3D0A,SHA256=CF96EB0C3422628398D218152A729221C0F5D09F287E083AE88ECD77DB2C11BC,IMPHASH=B96B407351B4F23871E4087C6E937148trueMicrosoft WindowsValid 734700x800000000000000075252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.753{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 10341000x800000000000000075251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.737{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.737{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.737{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.737{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.737{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\wlidcredprov.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft® Account Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationWlidCredProvider.dllMD5=BFDFA8D6CE74D72FC3CAC3E8B6D05FB7,SHA256=172538FF3768FA97A54D4B33B7E3253F568013DF9F8102E023DEFF4CA44B2BBC,IMPHASH=AC43D6C08681C0DFDC982DCBAA555A68trueMicrosoft WindowsValid 10341000x800000000000000075246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.737{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.737{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.737{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.737{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\MSWB7.dll10.0.14393.2791 (rs1_release.190205-1511)MSWB7 DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSWB7.dllMD5=5C7C3EBF7A50560DE37B750F3BB0F2B2,SHA256=227474B4306F6FA4F4A7EC5DAE2E91104BA6A156E31BDAD4B82D2E5426A53729,IMPHASH=A39738A99E764D3F4E439E2498C99B04trueMicrosoft WindowsValid 734700x800000000000000075242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.705{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\threadpoolwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows WinRT ThreadpoolMicrosoft® Windows® Operating SystemMicrosoft Corporationthreadpoolwinrt.dllMD5=4D271D6FA08E19B78A99F948FB012F44,SHA256=92D9A5BC0F95FDE6BA83D17925122815BDF3803D949112852C3D97CFBA16D219,IMPHASH=0E03F54121A53AD6BC839C0721A3CECCtrueMicrosoft WindowsValid 734700x800000000000000075241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.737{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6E,IMPHASH=9651C547656809410E78B358203C1A1DtrueMicrosoft WindowsValid 734700x800000000000000075240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.737{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\certCredProvider.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Cert Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationCertCredprovider.dllMD5=5C5920708E3A7386E3FB97F06A1CF6CD,SHA256=2CEBA7FEC4C2DA3384BE80CB70C5AF04F45727BDA3DEF9A79F478B071AB9FC0C,IMPHASH=A01F108876C25B588A60F1407EC75717trueMicrosoft WindowsValid 734700x800000000000000075239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.721{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\StructuredQuery.dll7.0.14393.4169 (rs1_release.210107-1130)Structured QueryWindows® SearchMicrosoft CorporationStructuredQuery.dllMD5=330E02FA330C93B93B477AA2F88C8A3A,SHA256=958A6977B820D04D94C8FD85C23CC62D77F0498BB59A648744E8F43704FD7F26,IMPHASH=870079407DAAD548AC5B3F417EEBB243trueMicrosoft WindowsValid 734700x800000000000000075238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.705{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843,IMPHASH=EAA4328F5E33714FA08C71E4AAE43CC1trueMicrosoft WindowsValid 734700x800000000000000075237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.721{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\ngckeyenum.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft Passport Key Enumeration ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationngckeyenum.dllMD5=ACF9A79DE065065D9B9F3C060D8FD883,SHA256=72A663ED47F6354E1EF19D6E5D4BC1118B8BF699B9E112E89BBE8DC8B9D83187,IMPHASH=7408E186279579FBFF9DD5099C815B63trueMicrosoft WindowsValid 734700x800000000000000075236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.721{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\BioCredProv.dll10.0.14393.4169 (rs1_release.210107-1130)WinBio Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationBioCredProv.dllMD5=73F8BD8ED7C88C247AE1F8931FE84024,SHA256=50102694895A05D4554A54C775A033664DF7B9E51347F918E2A2FEF2F2B747C0,IMPHASH=01D3BF39F15617F2002037CAEC4CA502trueMicrosoft WindowsValid 734700x800000000000000075235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.705{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4,IMPHASH=B6A1A16A2B5E910045E998CD7709E966trueMicrosoft WindowsValid 734700x800000000000000075234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.721{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\directmanipulation.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Direct Manipulation ComponentMicrosoft® Windows® Operating SystemMicrosoft Corporationdirectmanipulation.dllMD5=EA7CE188E0D1E66C361C8B87304EACDE,SHA256=9ADCA2B7554173A0FD8833F65935C151B09A5D790F46E9EC4EE25E9622F1159A,IMPHASH=D9F27AFFC8B05CE56A2B9B9CD5B4C9B5trueMicrosoft WindowsValid 734700x800000000000000075233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.705{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\biwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Background Broker InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationbiwinrt.dllMD5=1774BAC67716351387E5F11635DEED8D,SHA256=74F9B4190CFFADCE3ED3F61D4FD6A4F7CCC6EE0F42E3452D018E8160ECB3BE1F,IMPHASH=518BBC26E9BA87459E80712401FEE077trueMicrosoft WindowsValid 734700x800000000000000075232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.705{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\ngccredprov.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Passport Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationngccredprov.dllMD5=5125FB8AD27095A89651EFE26DF82B8F,SHA256=B49A3E4B223B5737ABB834DA077E2F525B8D5A4E7A226134AD23B19BD20DA5B5,IMPHASH=BD5237271CB2F0AA3004D8AC0791F836trueMicrosoft WindowsValid 734700x800000000000000075231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.705{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\deviceassociation.dll10.0.14393.0 (rs1_release.160715-1616)Device Association Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdeviceassociation.dllMD5=68139108F7E1D4327BE76289E14C2159,SHA256=05436A7EE5EE877F3EA6B12604D41EFCE288F093AAEE03A906FB7C9A4A76DFDA,IMPHASH=CA757A840D91610BF593E8A2814EB9B3trueMicrosoft WindowsValid 734700x800000000000000075230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.705{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Devices.Enumeration.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.Devices.EnumerationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Devices.Enumeration.dllMD5=4C62915A0F4A5D426D857C5DEC342AE9,SHA256=371A5B33833D0433F525EF0A0E61B7EFE5F91142F814241AB291C178B055BCB3,IMPHASH=19CB1EC42DBF9C106DE4DE251E31017EtrueMicrosoft WindowsValid 734700x800000000000000075229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.690{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\facecredentialprovider.dll10.0.14393.4169 (rs1_release.210107-1130)Face Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationFaceCredentialProvider.dllMD5=75568151502F3012E5A0B28D53517B21,SHA256=6CD897692F27AF5291034213CFA48CF0A0517C33A5A23ED270F12DDE98FB32D9,IMPHASH=A57735F3674892C8A813AC842EA6CFAFtrueMicrosoft WindowsValid 734700x800000000000000075228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.690{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\cngcredui.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft CNG CredUI ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationcngcredui.dllMD5=FE84C1709B761FFCFA7F4340FA451A65,SHA256=329D2D141C9C0ECC68C12E8B68D0413C396F47C83C85621A410773D8BB1A494C,IMPHASH=9AEED300060E76958D7D2ED9F8BF8EDFtrueMicrosoft WindowsValid 734700x800000000000000075227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.690{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\credprovs.dll10.0.14393.4169 (rs1_release.210107-1130)Credential ProvidersMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovs.dllMD5=913EF3B2F5DF7C749774F6FF3B054C11,SHA256=4E3F665593865080E37EA4F3108102FD222C2DECE3841F178EAF29A9CCB59C2C,IMPHASH=4D8C135A6C32D5E52CB9D0ED6F5E66D4trueMicrosoft WindowsValid 734700x800000000000000075226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.690{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\credprovslegacy.dll10.0.14393.4169 (rs1_release.210107-1130)Credential Providers LegacyMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovslegacy.dllMD5=C54FE5EE50B5B797FFCFCC1B00A0076C,SHA256=2676BC00EB97E8BC4F3052EF09106DA33FA33CECC66D179164B3B2FE9DEFD9F6,IMPHASH=350AE9643284403B93B04574B73914E7trueMicrosoft WindowsValid 734700x800000000000000075225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.690{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\SmartcardCredentialProvider.dll10.0.14393.2248 (rs1_release.180427-1804)Windows Smartcard Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationSmartcardCredentialProvider.dllMD5=89F3FE0276D7A31BA02AC3366F964FEE,SHA256=EE1AC8484F240304375600A1B95B64670D660EEC8E3D9F49D7782505D38E28B2,IMPHASH=634A0E8BBEC2A27265F521A876EDBBDAtrueMicrosoft WindowsValid 734700x800000000000000075224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.674{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\samcli.dll10.0.14393.0 (rs1_release.160715-1616)Security Accounts Manager Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMCLI.DLLMD5=AEF1161232D111EEA93F64B203F131AE,SHA256=C1DA3DF389A414AAA26FEEEA28F35AAC202CE3A5CC3AF26B7C0C14EBBC2157F9,IMPHASH=D27BDFF964B5FDB8A5E9B0599333826BtrueMicrosoft WindowsValid 734700x800000000000000075223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.674{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000075222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.674{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\credprovhost.dll10.0.14393.4402 (rs1_release.210426-1725)Credential Provider Framework HostMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovhost.dllMD5=D64A4C4E4CDB8DD6128D4EFAC4118353,SHA256=A503771EBD077D5C5C2EFF2499E074A8B05099A59D68E7668F403EB6DC4A902A,IMPHASH=2B8D4C5C44B72C4C63973FFAB9046281trueMicrosoft WindowsValid 734700x800000000000000075221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.670{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\CredProvDataModel.dll10.0.14393.4169 (rs1_release.210107-1130)Cred Prov Data ModelMicrosoft® Windows® Operating SystemMicrosoft CorporationCredProvDataModel.dllMD5=6B8B71ABE125771FEE8A44D0F941CEF3,SHA256=1C7C0865C8BD4CD12867432AC71144923344F596EFA2D7C42DD9EF37F508F519,IMPHASH=E95B43892FF230687F925F53516FD6F3trueMicrosoft WindowsValid 734700x800000000000000075220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.652{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Internal.UI.Logon.ProxyStub.dll10.0.14393.2339 (rs1_release_inmarket.180611-1502)Logon User Experience Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Internal.UI.Logon.ProxyStub.dllMD5=BA676D9CAC156F110C3E109367BC3E0C,SHA256=1B4D4D75C4E651BDC6077679581B5246667A2E63171FEB9B8566B1A638683D79,IMPHASH=652A046C44C4B1CC212802D3079219D4trueMicrosoft WindowsValid 734700x800000000000000075219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.637{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\FontGlyphAnimator.dll10.0.14393.4169 (rs1_release.210107-1130)Font Glyph AnimatorMicrosoft® Windows® Operating SystemMicrosoft CorporationFontGlyphAnimator.dllMD5=3179BAF869C1815F2A39438DD5EFD620,SHA256=7A89DD1B6F0DCF16AF14A03EA04718DAAD8FE01E97C61933BD81E6371251AA31,IMPHASH=50CFAE7BE5DDFAF9B3957BA4D337BEADtrueMicrosoft WindowsValid 734700x800000000000000075218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.621{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Globalization.dll10.0.14393.4467 (rs1_release.210604-1844)Windows GlobalizationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Globalization.dllMD5=4D2537567A93ABF1D93CB7A7E76F954C,SHA256=5740181B56927C0DC66A6BCECA15EA2806A0ED471A01F785AD47C8C73A1DF85F,IMPHASH=0280A5811869EFED56B453A140477D51trueMicrosoft WindowsValid 734700x800000000000000075217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.605{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\DWrite.dll10.0.14393.4225 (rs1_release.210127-1811)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=BB0ECCB8A72B5926A58433666145D459,SHA256=9C082B0EF00A6E174062634F0421B1179D27BC9077A5C0B1FEB2AA74DBAC2E68,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x800000000000000075216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.589{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=E15A420D82314AF63973D7D0AB3BA2DD,SHA256=C264B2FA1F3E67E558E2671807C06270926EF456F4FF83F1F9859B18184F187E,IMPHASH=5F8C6AF7D0781F35A516AEB072DAD045trueMicrosoft WindowsValid 734700x800000000000000075215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.589{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=B69F0419A16A616FE2D779EC98CD7FB9,SHA256=2D10B43F2137433E48A009227487C691E312D186691485D33B4FDF90D8423C9D,IMPHASH=E32C7474360C94A9FE5E17141A4AB35FtrueMicrosoft WindowsValid 734700x800000000000000075214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.589{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2,IMPHASH=460DAE5CA92CB705C37D78BE630D6120trueMicrosoft WindowsValid 734700x800000000000000075213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.589{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=8FD5FEFE4E020BBC2D95F07BCDC84F71,SHA256=E5E351822CCDEBF81C47C4CA1D5C158E2880C1BD29CA024D163FD9316F3046AE,IMPHASH=E494F732179E765F2CE18BC21CDB1948trueMicrosoft WindowsValid 734700x800000000000000075212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.589{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223,IMPHASH=83736A76214A92F5C1B53248D0C22863trueMicrosoft WindowsValid 734700x800000000000000075211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.589{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19,IMPHASH=52DACB9FFE8B422785C607A5B88982C7trueMicrosoft WindowsValid 734700x800000000000000075210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.574{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x800000000000000075209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.574{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Immersive.dll10.0.14393.4283 (rs1_release.210303-1802)WINDOWS.UI.IMMERSIVEMicrosoft® Windows® Operating SystemMicrosoft CorporationWINDOWS.UI.IMMERSIVE.dllMD5=4331AC493E264AF1378E0082194D07A5,SHA256=81B8E123110B9C7A34957B9176791AD86EA874315D4555FDC85CF20975E08D99,IMPHASH=C0750252600F63F4BA1D73794E8FE8C0trueMicrosoft WindowsValid 734700x800000000000000075208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.552{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\CoreMessaging.dll10.0.14393.3930Microsoft CoreMessaging DllMicrosoft® Windows® Operating SystemMicrosoft CorporationCoreMessaging.dllMD5=3D9D2F367587B2E93F2868F52D4ACBDD,SHA256=B4B27A7D4B9B685B6015D090B6A3E0E578AFBDE8D6C06A8F2E606A439D5A4BA4,IMPHASH=92CA7117B99353AC45978E95EEB5A46DtrueMicrosoft WindowsValid 734700x800000000000000075207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.552{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Xaml.dll10.0.14393.4470 (rs1_release_inmarket.210704-1611)Windows.UI.Xaml dllMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.Xaml.dllMD5=6F79837DE63E915AAE0672450E93FB5A,SHA256=2169B1FAEF092332F4B72F142E2FECC8554A0E2756715711F5E15431784A5261,IMPHASH=B872FEAB4926DE1D74C3DF5AC4E62C2CtrueMicrosoft WindowsValid 23542300x800000000000000075206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.536{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF06A29CA90A51CEEEBF0895A4BC0FC7,SHA256=D5E89D9892C34B2E8F33392C82782971DC7696068000F83BC01A12BB95AE41D8,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.390{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Runtime UI Foundation DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.dllMD5=FEC31833E8D13591BAECE59B8E39F53C,SHA256=424BAEA0DC8EF34305A881F9B36F22E8CFECA403A0D03B61782D69535387A401,IMPHASH=B073DE28C43175420FE754415439CCEAtrueMicrosoft WindowsValid 734700x800000000000000075204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.390{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\MrmCoreR.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows MRMMicrosoft® Windows® Operating SystemMicrosoft CorporationMrmCore.dllMD5=D730B5700BEB4A7E6E4244684356739C,SHA256=26083BEB490E48F5711D69A0E597B7A4CC6FB4B31EDCD535A0FF0DFBE4E6F8DD,IMPHASH=462A9FA6F44F25C68798F197AC8EC9D9trueMicrosoft WindowsValid 734700x800000000000000075203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.390{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000075202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.390{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\wincorlib.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows ® WinRT core libraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwincorlib.DLLMD5=F08F4542548A5CD4F521491164598021,SHA256=D60844E5A091DD42CB1BC03CA76B8BBAF55C5B1A9EC3F1403AB241DDE36CA630,IMPHASH=7118E177B350BBAD51DE9533CF52B852trueMicrosoft WindowsValid 734700x800000000000000075201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.390{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\BCP47Langs.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)BCP47 Language ClassesMicrosoft® Windows® Operating SystemMicrosoft CorporationBCP47Lang.dllMD5=F688C2B9DD2EB56C3B0312B6380338AA,SHA256=B22DB210486D3B5F4EEB17900C5E7AA0EEFEDBB068A0C4858EFE9F8018C34628,IMPHASH=31EA1856BC7597303D8126028BBFDFB8trueMicrosoft WindowsValid 734700x800000000000000075200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.390{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Cred.dll10.0.14393.4169 (rs1_release.210107-1130)Credential Prompt User ExperienceMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.Cred.dllMD5=78EED0861A739C42B882A074C8C6EB66,SHA256=3BFDDC668D78212AACD74DE956A004582DBA1FBC9DDFB3B3FF9368F3FF16991A,IMPHASH=937A04AFF9E2F1B9DE53D1339BC71147trueMicrosoft WindowsValid 734700x800000000000000075199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.374{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.XamlHost.dll10.0.14393.4169 (rs1_release.210107-1130)XAML HostMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.XamlHost.dllMD5=3EF300C64E57C482FEC2A62454CC45BC,SHA256=CED0EEE32D019EAF1BE70190B87FA9858054DEE20DE77EF0BDC67C2B8B0DD669,IMPHASH=76C7A23349305BC2F339502E1330DC92trueMicrosoft WindowsValid 734700x800000000000000075198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.369{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\WindowsCodecs.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Windows Codecs LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationWindowsCodecsMD5=B791899A46FD151559658F4F86C3C6F5,SHA256=E559B36A3CC2261C16916F2D49FA351DC4E21E5EC581AC43547ABA16F70CDA7E,IMPHASH=945C5ACF3D7F6243AD6374B1152227D8trueMicrosoft WindowsValid 734700x800000000000000075197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.353{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\avrt.dll10.0.14393.2969 (rs1_release.190503-1820)Multimedia Realtime RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationavrt.dllMD5=8EC9E2490A9FFA637115F758B22FFF78,SHA256=1A3295CBF09E9367CCE68505D949D724FB9B66B4516770B7D594273C3BCFC5B8,IMPHASH=F266C00A61E480BB0A81B1A89DB30014trueMicrosoft WindowsValid 734700x800000000000000075196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.337{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.CredDialogController.dll10.0.14393.4169 (rs1_release.210107-1130)Credential UX Dialog ControllerMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.CredDialogController.dllMD5=914E180859851B8FF502A541C5EE5C1F,SHA256=4139824AE8D81F519CE57E46F7514D82A42BEBE8A3971B32666CF2A2AC8390F8,IMPHASH=36C915CDD5835C99A10F8B3C525E4356trueMicrosoft WindowsValid 734700x800000000000000075195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.337{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000075194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.337{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\wincredui.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Credential Manager User Internal InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationwincredui.dllMD5=27B7A3DDE710FEC067E7AADBB396FDCC,SHA256=BE73F24E4E7E5002A78784D60F82840B42FB2AAD593623D00535E0403B01EAED,IMPHASH=5BF8C42D151FC064CDF2E863454964AAtrueMicrosoft WindowsValid 734700x800000000000000075193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.337{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x800000000000000075192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.322{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x800000000000000075191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.322{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\MMDevAPI.dll10.0.14393.4169 (rs1_release.210107-1130)MMDevice APIMicrosoft® Windows® Operating SystemMicrosoft CorporationMMDevAPI.DllMD5=CF179D8A655703FDD273891432EBF588,SHA256=722863E48713AEDC9E7EA95C181CAAA389B147BCE51A7E815F0D4189AF92B6E8,IMPHASH=A9DFEC2D392C78A08CC45D2B95165EEAtrueMicrosoft WindowsValid 734700x800000000000000075190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.322{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\WinTypes.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=F26A1B9400B1B37D899B01DA8DE809F7,SHA256=F0AFDE11FE0C22D0A25CA4F5A07FEDDC6D3014902360566575E4AB5C164AB8E0,IMPHASH=58F905117CF0434AF54A7CD9D43EEF30trueMicrosoft WindowsValid 734700x800000000000000075189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.306{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\AudioSes.dll10.0.14393.4169 (rs1_release.210107-1130)Audio SessionMicrosoft® Windows® Operating SystemMicrosoft CorporationAudioSes.DllMD5=4B97F920560452EC199062492055FF4C,SHA256=FF75E4970C94C270783461F9696829E3159E5254C818E3F86AE521018B1EF055,IMPHASH=18FC7797E056AFF42D40FF05B182DB5AtrueMicrosoft WindowsValid 734700x800000000000000075188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.290{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\credui.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Credential Manager User InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationcredui.dllMD5=F3EA67955C81EDC0351A4E7418EEEAF4,SHA256=1DC9FF6C665A376789094BF59DCF125A7BE0280D798C74C0853AD1D808104F5D,IMPHASH=4559CD65117B2CEA951EAA739A2320C9trueMicrosoft WindowsValid 734700x800000000000000075187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.290{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBF,IMPHASH=BB80FB0B79AB68B9AA174726B09C8CE9trueMicrosoft WindowsValid 734700x800000000000000075186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.290{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=A049DEB5236AA8711D70001353902238,SHA256=729E2332F4E65A745FC905AD5F3F17A2C034DD15BE74DBEF7D028ED712BCA1D2,IMPHASH=6654CFB1ED505987ABEF47C5C0E0D98AtrueMicrosoft WindowsValid 734700x800000000000000075185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.275{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 10341000x800000000000000075184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.237{8057F119-08A1-60EC-1400-00000000DB01}10761436C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x100040C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+63c9|c:\windows\system32\cryptsvc.dll+62d1|c:\windows\system32\cryptsvc.dll+5e56|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.221{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\gpapi.dll10.0.14393.4467 (rs1_release.210604-1844)Group Policy Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationgpapi.dllMD5=96BBBC9AD606CF5EBAF525E3AB1C69A5,SHA256=32F0EA9185A6E1DE26E3276BAAB0FB5ED72940D34FE5FFDF5331D91E42794124,IMPHASH=54A7A105E11720BE50C587CF0CFA8828trueMicrosoft WindowsValid 734700x800000000000000075182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.205{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000075181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.205{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000075180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.205{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000075179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.205{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000075178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.190{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=D8CD8451D1E194230F18866AD6EFE5E7,SHA256=9977AA1287962035C24DF806DDA67F09FFE9BDF696DBA507D749C624AE1C178D,IMPHASH=EC9695F0DF1F52E9D439A942DBDAA111trueMicrosoft WindowsValid 10341000x800000000000000075177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.190{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.190{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.190{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.190{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 10341000x800000000000000075173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.190{8057F119-2FE7-60EC-050A-00000000DB01}102365768C:\Windows\system32\consent.exe{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\system32\svchost.exe0x70C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\consent.exe+1452|C:\Windows\system32\consent.exe+3ca7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.174{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000075171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.174{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000075170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.174{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000075169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.174{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000075168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.174{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000075167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.174{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000075166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.174{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000075165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.174{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 10341000x800000000000000075164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.174{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.174{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.173{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\msutb.dll10.0.14393.953 (rs1_release_inmarket.170303-1614)MSUTB Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSUTB.DLLMD5=17CD28B5081E8C9D25228987EDD4E4F4,SHA256=7AA14D2F375CCB4A57053144BC826132938C66ADDB282C940F736F3C6E358DA5,IMPHASH=C2050C3A907779B8B143FA73DD6A1241trueMicrosoft WindowsValid 734700x800000000000000075161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.152{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000075160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.152{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000075159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.152{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000075158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.152{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 734700x800000000000000075157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.152{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\winsta.dll10.0.14393.0 (rs1_release.160715-1616)Winstation LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwinsta.dllMD5=12668CEFEE3754CFA61C5699821668B3,SHA256=D0C81619EDE8B846D98417989684EF16DF3A053CC049C7281E40F3359AD5B570,IMPHASH=2E790E44628AED89C2CC17E1E4A5CE1CtrueMicrosoft WindowsValid 734700x800000000000000075156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BAB,IMPHASH=AD7CEB919D43FA2BD394EC803EB6BCDAtrueMicrosoft WindowsValid 734700x800000000000000075155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\msimg32.dll10.0.14393.0 (rs1_release.160715-1616)GDIEXT Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationgdiextMD5=78DA58DF85F86CA61E5EAFB9EF0A83BE,SHA256=3216205F5C355D582EC4B902651B62E1FF3EFFDCA40BC849D474F13F1325E962,IMPHASH=2E671B0A6A313B7E8765124B944DA4FEtrueMicrosoft WindowsValid 734700x800000000000000075154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\MsCtfMonitor.dll10.0.14393.0 (rs1_release.160715-1616)MsCtfMonitor DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMsCtfMonitor.DLLMD5=81BC8DBCD544B8837BCBC5CAD0C9CA08,SHA256=C67286427B136D36F2785B3DF169B8D3E820ADCD1C836B69770439A9456A2E8E,IMPHASH=9B989CE38CE9C40F828E034B46B8E9F3trueMicrosoft WindowsValid 734700x800000000000000075153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000075152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 734700x800000000000000075151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\wmsgapi.dll10.0.14393.0 (rs1_release.160715-1616)WinLogon IPC ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationWMsgAPI.DLLMD5=F057E6CFED6521141F9E2AA786FEBF9E,SHA256=FE15ADCBC8E9B129BC09FEC47A89A487F5D9E537DC05674C413A8D9D84860535,IMPHASH=0070F559678E041C453782364C13F0C2trueMicrosoft WindowsValid 734700x800000000000000075150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\amsi.dll10.0.14393.4169 (rs1_release.210107-1130)Anti-Malware Scan InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationamsi.dllMD5=89C79675F7FEDEB6373C9D2045F7B7C5,SHA256=5B40293CF56D44377A91BF68CF2113F523B61185F02DEEAB621BE51F0ADA6131,IMPHASH=6FEE5278940E0EA644D3641165D77874trueMicrosoft WindowsValid 734700x800000000000000075149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000075148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000075147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000075146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000075145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000075144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000075143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000075141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000075140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000075139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000075137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000075136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 10341000x800000000000000075135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000075134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000075132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\consent.exe10.0.14393.4169 (rs1_release.210107-1130)Consent UI for administrative applicationsMicrosoft® Windows® Operating SystemMicrosoft Corporationconsent.exeMD5=2D39786DACCF1721F552F3195E72766E,SHA256=D1FAD06A025FEBDD896A8B17182F31CCD4F92EBA8C696485FFF77C0823CFF723,IMPHASH=9E56AB88B9592E0AEB5042020D43259CtrueMicrosoft WindowsValid 10341000x800000000000000075130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.137{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.121{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\appinfo.dll+2073|c:\windows\system32\appinfo.dll+2c4f|c:\windows\system32\appinfo.dll+4026|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.121{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1014c0C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\appinfo.dll+33d8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000075298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:56.891{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D436F77914AF2E492439CC8C9EFF989,SHA256=B29A73BC1D4F40EFC16D82307379C48FBE60D48D17D01D83A9C67330EC027B6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032433Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:56.125{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F685E85D9F773BED501C346C1495B0A,SHA256=1A6257C78372C1174F4F5B684D11A7469D72CC416D0B27460C8D08C5C57008B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:56.137{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=32487E3B20F479948770DF678AD6BE33,SHA256=9878A681EA69E993BFC026BFCD25488F7DFB1D60F051F4BB9961F24908051915,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:57.891{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65367B66BF0046CDB30114AD9DDBC160,SHA256=D5BEDABBF5FB3AB8513776FCD347A3996B222A2A7E04AD344A8998CA8FE2189E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032434Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:57.141{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00D6B2EE7FAA89BDF002340CB67A9DE9,SHA256=E4CFAFD2AF4EA0E1D939BA787852A9C7778F0DAC9F4E9F35BBA6C4F680451D21,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000075299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:55.225{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63392-false10.0.1.12-8000- 23542300x800000000000000075301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:58.906{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A090D6E2A0AE89ABCC461D6B6F7C6E84,SHA256=26068E653429194523983C385224256FAB3940BC2FDE35EB3197DDEB5C8DDF7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032435Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:58.266{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0E232BC675D727C7A32FCBCF8C2321C,SHA256=D2C8814412A4D3046C3F0EF536BBF22CBD3FC781E2E688FF0BAC43340BF9D9F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:04:59.921{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC6EC7B7D49D33424D51824F3A97470A,SHA256=42914A1A7A2F5AEFD55E3A161E2E3C3DDEE7DA2B2DE412B49D15520C687D11C0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032437Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:57.601{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51588-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032436Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:04:59.281{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D4A1099402F61CDD78CA472F35AE9C5,SHA256=24223B54DC1775B06A2CCB093216DA1C85F6A12103C87C394E3ED97777CDBFC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:00.936{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6855B2C5CCFF16D9FA251E3E97FE20D,SHA256=255A66A557C543C720A939884CB154E865623CF8499C70C30FA3CECBD25C9983,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032438Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:00.297{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA6258F6CEAC4C334DA21F5AD0ADAD5F,SHA256=6866585AF5431A2A5A43DCB503BF20DDE79CDC312E814E7D5C55783AF7247C5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:01.951{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80C71ADA57807EF05F4E0211657F6E78,SHA256=EE49D675BAB729224C4199DC9F505C4684BCACE27485AE903BE7BA8C4781F760,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032439Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:01.313{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9E4F49242A1A57D8023EDA38F8E8CDC,SHA256=B900D1B2EBDCBB7C5181BD9B278822A6E11709639C71A4591005A83173FB34B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:02.953{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39EB515B2A39F4B7EDD4160D02EF370D,SHA256=1FC239D3B3AC2F4E8A6890B94621D5050E05541F034AC644D553410C2F8F0A8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032440Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:02.314{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=997F12310AD41B6C0CDB14A8D48738BF,SHA256=96C16E1CDA9EDA1B6205E877CD4F2DCAD0D4EFD2AAE0084A90FAE9BB1867DB98,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000075305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:00.225{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63393-false10.0.1.12-8000- 23542300x800000000000000032442Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:03.359{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E215EBE48DDFAB67A61041013CB8A54C,SHA256=D21EDF1F0B9095BAF361CCCA17CB0D75355DA676B78E3A2BAC6312FE0679111B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075409Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.874{8057F119-2FEF-60EC-090A-00000000DB01}61766300C:\Windows\system32\conhost.exe{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075408Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.872{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000075407Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.854{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000075406Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.854{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000075405Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.854{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x800000000000000075404Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.837{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000075403Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.822{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000075402Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.822{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075401Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.822{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000075400Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.822{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000075399Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.822{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000075398Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.806{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000075397Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.806{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075396Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.806{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000075395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.806{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000075394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.806{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\ConhostV2.dll10.0.14393.4402 (rs1_release.210426-1725)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXEMD5=EBEFEF1FE2B0D6FF2595203DADE100C9,SHA256=70F4BB4198467DA8E2FD7AF475536B3F2FD1B3E56CEE7E376D0303C149C449F9,IMPHASH=49A59B06FE5B10F21E36B588430BFDB3trueMicrosoft WindowsValid 734700x800000000000000075393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.806{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000075392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.806{8057F119-21B7-60EC-3B07-00000000DB01}55123720C:\Windows\system32\csrss.exe{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000075391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.806{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.806{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000075389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.806{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.806{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\conhost.exe10.0.14393.0 (rs1_release.160715-1616)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXEMD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0,IMPHASH=2C980A4DA7C717CC670CB9E1D2C4D733trueMicrosoft WindowsValid 10341000x800000000000000075387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.791{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000075386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.791{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.791{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000075384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.791{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.791{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37AtrueMicrosoft WindowsValid 10341000x800000000000000075382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.791{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.791{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.791{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.791{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.791{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.791{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\appinfo.dll+2073|c:\windows\system32\appinfo.dll+3c57|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000075376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.794{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" C:\Windows\system32\ATTACKRANGE\Administrator{8057F119-2FEF-60EC-C6C7-850000000000}0x85c7c63HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\Explorer.EXE 23542300x800000000000000075375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.791{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=3A62DF1602B0C2956669063281BA61FC,SHA256=0E7E0006D3C4EFEF63E090065442A153511D49D70A228843F890A516B94885F2,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.774{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000075373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.774{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000075372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.774{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000075371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.774{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 734700x800000000000000075370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.770{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x800000000000000075369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.753{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.753{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000075367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.753{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000075366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.753{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.753{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000075364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.753{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000075363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.737{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000075362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.737{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000075361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.737{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000075360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.737{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.737{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000075358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.737{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000075357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.737{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.737{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000075355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.737{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.737{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164E,IMPHASH=1C99A7F1249FB0C7B924253B69E59F88trueMicrosoft WindowsValid 10341000x800000000000000075353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.737{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.737{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-2FEF-60EC-070A-00000000DB01}5884C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.706{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.706{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.706{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000075348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.706{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000075347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.706{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000075346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.690{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 10341000x800000000000000075345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.690{8057F119-08A1-60EC-1600-00000000DB01}12365984C:\Windows\system32\svchost.exe{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.690{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.690{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000075342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.690{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x800000000000000075341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.675{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.675{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000075339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.675{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000075338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.653{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000075337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.671{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000075336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.653{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.653{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000075334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.653{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000075333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.653{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000075332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.653{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000075331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.637{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.622{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000075329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.590{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x800000000000000075328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.590{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000075327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.590{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.590{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000075325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.590{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.590{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164E,IMPHASH=1C99A7F1249FB0C7B924253B69E59F88trueMicrosoft WindowsValid 10341000x800000000000000075323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.575{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.575{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-2FEF-60EC-060A-00000000DB01}4684C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.575{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.575{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.575{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.575{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.553{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.553{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.553{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.553{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.553{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.553{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.474{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\UIAutomationCore.dll7.2.14393.4169 (rs1_release.210107-1130)Microsoft UI Automation CoreMicrosoft® Windows® Operating SystemMicrosoft CorporationUIAutomationCore.dllMD5=9B2DCFE11EEBDDC18A8F5964E04E64A0,SHA256=5CBC5B45B9EB5B4EF1360005CD675D20D7EE9FE588DA24543FF7C9ACB88317FF,IMPHASH=6691D3D33C2662107A11540A5A994674trueMicrosoft WindowsValid 10341000x800000000000000075310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.437{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.437{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.106{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30E,IMPHASH=8F811B713271A0FEFA798FB95D523A8BtrueMicrosoft WindowsValid 734700x800000000000000075307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:03.091{8057F119-2FE7-60EC-050A-00000000DB01}10236C:\Windows\System32\consent.exeC:\Windows\System32\edputil.dll10.0.14393.2608 (rs1_release.181024-1742)EDP utilMicrosoft® Windows® Operating SystemMicrosoft CorporationEDPUTIL.DLLMD5=75AC86B00CE4C64B02B105A55CA35628,SHA256=DB31A2345E3BB8DC79BFB4CC29615E3B8B7638AE80BFEC45FA57852669A592AE,IMPHASH=52045AC79DBE663F06AB7C9717524D40trueMicrosoft WindowsValid 23542300x800000000000000032441Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:03.126{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032444Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:02.462{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51589-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000032443Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:04.377{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8152841E2CAC13155D98F894EFAD6514,SHA256=A7F3188C1C4692417C3BA8BE851442E75DD0671BDAD3A86EC7AEB73FD11631E9,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075620Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.819{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\atlthunk.dll10.0.14393.2969 (rs1_release.190503-1820)atlthunk.dllMicrosoft® Windows® Operating SystemMicrosoft Corporationatlthunk.dllMD5=BECA5E9FA540246333036919A57B7AEF,SHA256=62C24B274B38A88C83EE122CB30142C2135953C1A26582AD003512B238CB7FC9,IMPHASH=E86BAF1A171668A11110B8975A3BDE27trueMicrosoft WindowsValid 734700x800000000000000075619Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.788{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\DataExchange.dll10.0.14393.4169 (rs1_release.210107-1130)Data exchangeMicrosoft® Windows® Operating SystemMicrosoft CorporationDataExchange.dllMD5=23F499FA8F8E02A8090FB78E80617BDD,SHA256=08C2E505F3765D98379BB88DC8AD5555AB680A691054933FCA1A2CFCDFA42F51,IMPHASH=05056B92E29CCE6F97F9C6674AE080C0trueMicrosoft WindowsValid 734700x800000000000000075618Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.788{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19,IMPHASH=52DACB9FFE8B422785C607A5B88982C7trueMicrosoft WindowsValid 734700x800000000000000075617Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.788{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223,IMPHASH=83736A76214A92F5C1B53248D0C22863trueMicrosoft WindowsValid 734700x800000000000000075616Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.788{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2,IMPHASH=460DAE5CA92CB705C37D78BE630D6120trueMicrosoft WindowsValid 734700x800000000000000075615Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.788{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6E,IMPHASH=9651C547656809410E78B358203C1A1DtrueMicrosoft WindowsValid 734700x800000000000000075614Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.788{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\mlang.dll10.0.14393.4169 (rs1_release.210107-1130)Multi Language Support DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMLANG.DLLMD5=1DB944C25F1B1D7105543E61F1CC5E2F,SHA256=EBA81052B0330151F8FE0FC95AFD2203D3869D67A05AD4E5D3FA8A69B48B4046,IMPHASH=563B6F147961D943E0261E05EAD94B56trueMicrosoft WindowsValid 734700x800000000000000075613Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.788{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.2457_none_a13eaee9d8fd5c07\comctl32.dll5.82 (rs1_release_inmarket.180822-1743)Common Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMCTL32.DLLMD5=C89866876D676708892DEEA04A886CDA,SHA256=6C498F9AFFC75DFAADDACB9D1D4248862622FB2B06F0A410BA303A26FEADFF2B,IMPHASH=49FE37530A5C395ADDDAFC2730B16DDDtrueMicrosoft WindowsValid 734700x800000000000000075612Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.768{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 23542300x800000000000000075611Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.751{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFAF29CAF93B57E7CF490AB6EF99B83F,SHA256=6CE7A450C9B630C6A5445CA4AFCD7FEE8BF325CB0BE30F0966F97D7B8ABBCB7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075610Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.751{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=18090F3567D3D893534D18E360CB4E64,SHA256=D37B5D0A228A1ABAC9C1C4DF6854B8EEB83D559AED69A8BB8DBC81B5C26EA42A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075609Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.751{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=F8EFF862C12C4CA8BE471345A7610C06,SHA256=BDBAEA16453FD6F8263DEF66511EF899C4DD116693CE0DA837940E0DACB2F0B4,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075608Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.735{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\oleacc.dll7.2.14393.4169 (rs1_release.210107-1130)Active Accessibility Core ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEACC.DLLMD5=1B04659F0A22BFE9142B6AD36467ACEA,SHA256=67BC7C19D71FB98A7B5882B0F2BFC8F2E4491B4ACBE23EE545D54FFCAEC808E9,IMPHASH=427F18493D540CBF4092BD07A97BE51FtrueMicrosoft WindowsValid 734700x800000000000000075607Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.735{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000075606Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.735{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 734700x800000000000000075605Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.720{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\polstore.dll10.0.14393.0 (rs1_release.160715-1616)Policy Storage dllMicrosoft® Windows® Operating SystemMicrosoft Corporationpolstore.dllMD5=AE6F98B3745A1EFEFBF3B7A8A3C3C53D,SHA256=C1D6274305D023AEB46EDD8981B873E53546648AE12053774C4278FB9BD1D011,IMPHASH=A0AC5A6530D0A76AD98B72F80717E27CtrueMicrosoft WindowsValid 734700x800000000000000075604Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.720{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\ipsecsnp.dll10.0.14393.4169 (rs1_release.210107-1130)IP Security Policy Management Snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationIPSECSNP.DLLMD5=787CFB5A7CBEB7125E61B59081DFF212,SHA256=553B8503559AC164359EFFD2A966DE35C50F840F5D51EBE58108B5C388AD3932,IMPHASH=809DD47539EED08BC0A26132903E0004trueMicrosoft WindowsValid 734700x800000000000000075603Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.704{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\mpr.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Multiple Provider Router DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmpr.dllMD5=0E56DB60C434D51769F2DAC48B9AA686,SHA256=3F9AED98B1B7F6A59C219F622FD91C7FD20BFE280935F5334920A02ECCAE7ED6,IMPHASH=46ADE2B067E724C7163A0B1902FEF225trueMicrosoft WindowsValid 734700x800000000000000075602Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.704{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\dsuiext.dll10.0.14393.0 (rs1_release.160715-1616)Directory Service Common UIMicrosoft® Windows® Operating SystemMicrosoft Corporationdsuiext.dllMD5=FE6052C8CCDC9570E0A6535A0DA46BD9,SHA256=4D0AC8F3C5C258DFAF8DDF07A37B94ADE58E838EED5FA610FC13E957D98E4E79,IMPHASH=D81CA2AA793C8BAFCBCE288F63313BCBtrueMicrosoft WindowsValid 734700x800000000000000075601Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.704{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\framedynos.dll10.0.14393.4169 (rs1_release.210107-1130)WMI SDK Provider FrameworkMicrosoft® Windows® Operating SystemMicrosoft Corporationframedyn.dllMD5=F5BCBB0713FF862975B07056D25E166E,SHA256=DBB3B6E35E0FEF5B878DE8C85AF578B51C1C2DB025865354E27394AEA87824B2,IMPHASH=AB84E6F170EE70C2F0F5C709A85E872CtrueMicrosoft WindowsValid 734700x800000000000000075600Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.688{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\authz.dll10.0.14393.1737 (rs1_release_inmarket.170914-1249)Authorization FrameworkMicrosoft® Windows® Operating SystemMicrosoft Corporationauthz.dllMD5=6BAADF6A3E985DE5AB6FDA778E18F1A5,SHA256=8FD060B0F29A1FB23C3D1F389C22EC067247F1E457F331D2B15AE44323ECB8D0,IMPHASH=720B221BA6A01692F2370B4CCC197970trueMicrosoft WindowsValid 734700x800000000000000075599Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.688{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\dssec.dll10.0.14393.0 (rs1_release.160715-1616)Directory Service Security UIMicrosoft® Windows® Operating SystemMicrosoft Corporationdssec.dllMD5=40D4AF43D521476F76C71CBBA609BD52,SHA256=56DE5022EC8C1CEB6203463F681E828D2D500BF066D1F3D617F5D1849FE99FFB,IMPHASH=02988505EDF42864EE719379A329CFC4trueMicrosoft WindowsValid 734700x800000000000000075598Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.688{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\gpapi.dll10.0.14393.4467 (rs1_release.210604-1844)Group Policy Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationgpapi.dllMD5=96BBBC9AD606CF5EBAF525E3AB1C69A5,SHA256=32F0EA9185A6E1DE26E3276BAAB0FB5ED72940D34FE5FFDF5331D91E42794124,IMPHASH=54A7A105E11720BE50C587CF0CFA8828trueMicrosoft WindowsValid 734700x800000000000000075597Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.688{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\gpedit.dll10.0.14393.3986 (rs1_release.201002-1707)GPEditMicrosoft® Windows® Operating SystemMicrosoft Corporationgpedit.dllMD5=2763BDA50EB812D28B97EFDE6C72A906,SHA256=1C50275E3A13A5C13DBAB322262C072CE26ED2F9276B8F572489E0914BD28C51,IMPHASH=4806C6DC2AD2917E93136CB79138A68CtrueMicrosoft WindowsValid 734700x800000000000000075596Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.688{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\scecli.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Security Configuration Editor Client EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationscecliMD5=BAA89268BE81CC61434688AD2D9640FB,SHA256=CEA9666B3CDCC33B2338B80D0DB4FFA0B12A78A5436FC311D78A4E7914F6EE87,IMPHASH=E8ADB2FA4DE364A13AACC7A2AB0A7DC7trueMicrosoft WindowsValid 734700x800000000000000075595Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.688{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x800000000000000075594Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.688{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\wsecedit.dll10.0.14393.4225 (rs1_release.210127-1811)Security Configuration UI ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationWSecEdit.dllMD5=09E58C11C76F18E6710E3843C25CA3DD,SHA256=DC345CB26416422921B48185086FDB1545C3655CCAACE3DB9E9C571647DD8CCF,IMPHASH=7A899B1ACB52241546FFC5E0A7779E17trueMicrosoft WindowsValid 734700x800000000000000075593Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.685{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8,IMPHASH=B53F82B33CA6ABD6251152A46E5FF78CtrueMicrosoft WindowsValid 734700x800000000000000075592Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.682{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000075591Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.666{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\aclui.dll10.0.14393.2515 (rs1_release_1.180830-1044)Security Descriptor EditorMicrosoft® Windows® Operating SystemMicrosoft Corporationaclui.dllMD5=90FD7D609825CE93CC663E37DDBA1CB5,SHA256=C1F84D5A7F171C7FB4986E4E647BFB78F7E9D7DDEFDCD92EA5CAAB77AA7E11A9,IMPHASH=9939EFA70C5D79987E10B21C80592DAFtrueMicrosoft WindowsValid 734700x800000000000000075590Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.620{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\dsparse.dll10.0.14393.0 (rs1_release.160715-1616)Active Directory Domain Services APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdsparse.dllMD5=E9B5EFC173FDD55C00B2F28B8BAC144B,SHA256=0CA602484CD0E2C67091FCD60091608BF746B1D05B353DB9805D1CAE0ED09D70,IMPHASH=6FD21A38F62935B130604FF29AA3AFC5trueMicrosoft WindowsValid 734700x800000000000000075589Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.620{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\CertEnroll.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft® Active Directory Certificate Services Enrollment ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationCertEnrollMD5=20ADB479CDAFBDFB60D8D6E0AD7D6588,SHA256=C1C86EE623A9BCA85CE4D6AD7DA9F75C18E62DA2341219FCF45A73FD0CF5123B,IMPHASH=4DD388EAD48B428D06DBB92F58C86A13trueMicrosoft WindowsValid 734700x800000000000000075588Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\imagehlp.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT Image HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationIMAGEHLP.DLLMD5=E1C665DC0FD5A7423B0C0F5325A1027F,SHA256=8B84BE9335EF640ABAA8E8BBA45C6BC77F2251359D4BCC157235CB4BC107AE69,IMPHASH=C88C4D131D277C03F0879B4E0D5679DBtrueMicrosoft WindowsValid 734700x800000000000000075587Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000075586Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\sppc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsppc.dllMD5=7CF84329545035CC0833119C7268A620,SHA256=49E3FA8B9F9ACB1A2CEDE37970361316C93286CEE7F70DE5985E7135498A4210,IMPHASH=BC4A2B9355432144727A5322381AB386trueMicrosoft WindowsValid 734700x800000000000000075585Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000075584Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\slc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationslc.dllMD5=060E11DCB875D981E948073986E295DC,SHA256=30858EA58F24537CC3369091F92AD70C59877BDB1FDF8DEC7762A7AB72DDE885,IMPHASH=70AAA0F56F084D1AE09EB5CD51B268ECtrueMicrosoft WindowsValid 734700x800000000000000075583Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\logoncli.dll10.0.14393.3808 (rs1_release.200707-2105)Net Logon Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationLOGONCLI.DLLMD5=B5C16F0A457DB3C7695AAC9EE7E3EE1E,SHA256=88764349C57E619C6D1253BB2F4AFB27DBD141E9EB9C12D445C20F7384A4F437,IMPHASH=FD7877EA3FC7D2EDCA1ADC932A5034BDtrueMicrosoft WindowsValid 734700x800000000000000075582Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000075581Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000075580Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x800000000000000075579Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\ntdsapi.dll10.0.14393.0 (rs1_release.160715-1616)Active Directory Domain Services APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntdsapi.dllMD5=01AD803D409DC3C6582A9C519EB4B014,SHA256=C5A0873EC1223A67CE5980BB62F176FDF2E61BB54081CE004F479629413F27AA,IMPHASH=F054B0981CD29F6A35E7C04E22CBC1FBtrueMicrosoft WindowsValid 734700x800000000000000075578Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=D8CD8451D1E194230F18866AD6EFE5E7,SHA256=9977AA1287962035C24DF806DDA67F09FFE9BDF696DBA507D749C624AE1C178D,IMPHASH=EC9695F0DF1F52E9D439A942DBDAA111trueMicrosoft WindowsValid 734700x800000000000000075577Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000075576Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.604{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000075575Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.588{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\cryptui.dll10.0.14393.3321 (rs1_release.191016-1811)Microsoft Trust UI ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationCRYPTUI.DLLMD5=7BA8C29986BA103E2353D405DCCB87D7,SHA256=E9FFD440B5318D65AC2A38125CC417C8F34C6344CA8D9251A8ABE74D14C518B8,IMPHASH=62620EF249FFBE3A3FFFCF86ECC0E8AFtrueMicrosoft WindowsValid 734700x800000000000000075574Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.588{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 23542300x800000000000000075573Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.587{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F589B98FD66938CC90487445F0A286E9,SHA256=A4DC47F446B3EDAD24BCF7C2999F79104924C3AF090EBCFF678E82E8DE0B33A0,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075572Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.587{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000075571Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.587{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\dsrole.dll10.0.14393.0 (rs1_release.160715-1616)DS Setup Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationDSROLE.DLLMD5=2A319EC8DF0FB5C46CF311B9D2B65B1D,SHA256=62B8900EFDF4B30E54E11232A8DA95DBF066DAEFD364A66EB99ADC028A3798F7,IMPHASH=E4AC0A0BD42B7356347D6A1BE150F6A6trueMicrosoft WindowsValid 734700x800000000000000075570Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.587{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000075569Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.587{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\certca.dll10.0.14393.3053 (rs1_release_inmarket.190612-1836)Microsoft® Active Directory Certificate Services CAMicrosoft® Windows® Operating SystemMicrosoft CorporationCertCaMD5=8F23364460E12C9A157F88B9B4A86F2E,SHA256=51B5550668D6420C5DA988FEF83564DD9B4E911866EF4FC80748C8B219789F23,IMPHASH=2BEC012C7F0C624C5C5ADC500530215DtrueMicrosoft WindowsValid 23542300x800000000000000075568Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.586{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BE5C830A33D1D107D3C5E3AB10AFC425,SHA256=00CF72AA28AFFE43C1CBD0F75CF1B59FB935C408587D7F25E50C9F9A0D2B51E8,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075567Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.586{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\certmgr.dll10.0.14393.4169 (rs1_release.210107-1130)Certificates snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationCertMgr.dllMD5=3DA0529210995B257F9ED33CB14A2FC3,SHA256=A3EBA3CB56A57EFA43E9C49194F2FD41B81481F88062959BDC4DC3520416A309,IMPHASH=5657D08561EA9D97B13FA4C28661EBEEtrueMicrosoft WindowsValid 734700x800000000000000075566Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.584{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\wlangpui.dll10.0.14393.4169 (rs1_release.210107-1130)Wireless Network Policy Management Snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationWLANGPUI.DLLMD5=9E33E97A0FE466076D42D13F5635A478,SHA256=AEE7A26D0D10F949228D0C7D241CAC457663902B428AD30DDE594C56AADF77F4,IMPHASH=0D879D7637744E29F6C3E75CFEBC015EtrueMicrosoft WindowsValid 734700x800000000000000075565Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.582{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\AuthFWGP.dll10.0.14393.2155 (rs1_release_1.180305-1842)Windows Firewall with Advanced Security Group Policy Editor ExtensionMicrosoft® Windows® Operating SystemMicrosoft Corporationauthfwgp.dllMD5=53317F9C457BEC2D5FF5B77DFFF77C50,SHA256=93C6ABF90D8A7E6502F85266BCCE9A27B2021ED02E0F64AFC6DA2F4591D15906,IMPHASH=92F2C0E6509696CC91467DCBAEDF933DtrueMicrosoft WindowsValid 734700x800000000000000075564Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.580{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843,IMPHASH=EAA4328F5E33714FA08C71E4AAE43CC1trueMicrosoft WindowsValid 734700x800000000000000075563Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.580{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000075562Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.579{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\eappprxy.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft EAPHost Peer Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationeappprxy.dllMD5=8859948D74C0CE993BD9FA2D7C816A0E,SHA256=E48867AD309BFBE43E4A2F6B702EF19656E1F9E65FC9F0DF179539BAD6BF338D,IMPHASH=5E19174AE1E573CB6B03FB1013388E28trueMicrosoft WindowsValid 734700x800000000000000075561Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.579{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4,IMPHASH=B6A1A16A2B5E910045E998CD7709E966trueMicrosoft WindowsValid 734700x800000000000000075560Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.579{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\onex.dll10.0.14393.4350 (rs1_release.210407-2154)IEEE 802.1X supplicant libraryMicrosoft® Windows® Operating SystemMicrosoft Corporationonex.dllMD5=B958F829E52F260087CB7209F7B99555,SHA256=1428C08B74CC2D0EF9E493187F1963E7B47898249EB158CABE908B82B771C409,IMPHASH=BCD01C70FCB0801784A8044932B1C44AtrueMicrosoft WindowsValid 734700x800000000000000075559Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.579{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\eappcfg.dll10.0.14393.4169 (rs1_release.210107-1130)Eap Peer ConfigMicrosoft® Windows® Operating SystemMicrosoft Corporationeappcfg.DLLMD5=98CEFA645EB1E49E520DE83C80756469,SHA256=5DDFB12A86D6B8C674859C3F52A3C720DB0D6C26486DFCC062D36BFFE9345473,IMPHASH=AE4E90B7ED47E5CD4A726EC6204EBECBtrueMicrosoft WindowsValid 734700x800000000000000075558Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.579{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\l2gpstore.dll10.0.14393.1480 (rs1_release.170706-2004)Policy Storage dllMicrosoft® Windows® Operating SystemMicrosoft Corporationwlstore.dllMD5=52574FAC28BB308F127E4BBC4138EBD5,SHA256=517AF989E99F6870E33DE3EEE77F94C33D74B85D9A2C2540B018B096C61C2F89,IMPHASH=81EB696902002AA26A6111B6B9EFE08CtrueMicrosoft WindowsValid 734700x800000000000000075557Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.578{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\atl.dll3.05.2284ATL Module for Windows XP (Unicode)Microsoft (R) Visual C++Microsoft CorporationATL.DLLMD5=C1B73181019C1E1F28F4161B5F198B7F,SHA256=C3678504437D23910C18D3680B05B4E819A2229BDD0E1E0567186C70D814560D,IMPHASH=5500EF6AAEED0FAA2DE0F3B65E67DE20trueMicrosoft WindowsValid 734700x800000000000000075556Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.578{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000075555Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.578{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\dot3gpui.dll10.0.14393.4169 (rs1_release.210107-1130)802.3 Network Policy Management Snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationDOT3GPUI.DLLMD5=3C8A654CE7001BF594728B1039ACC327,SHA256=E9924BC5DF7BD79D7CDD60035009265CAA7629C7CDB6E5AA120B5F327183FC3C,IMPHASH=1B83DE64ADAB18A05A2AD993260E56C0trueMicrosoft WindowsValid 734700x800000000000000075554Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.577{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\apphelp.dll10.0.14393.4350 (rs1_release.210407-2154)Application Compatibility Client LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationApphelpMD5=92330FA0551BFFBB8C1C97E86F9A0264,SHA256=0F341AF375236EBF7047F6AE50F2834566F0D859F0F02B8A5FFD7F29C31B0117,IMPHASH=BF1AF19CCBABA6D54178C43BE36CD985trueMicrosoft WindowsValid 23542300x800000000000000075553Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.565{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C29EA6E0C5CCC46DCB2593212F0789A0,SHA256=FFB6DEA9466E152CD795B665749428434ACC1EE635E1BB3E25F5FBE4715CD119,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075552Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.531{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A05FAF185BC63A570AF03C55F5EC2318,SHA256=2656B1B710F0A0D2197B3BE0EB758304289753F586B6F651228719F281E58B25,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075551Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.484{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\msxml6.dll6.30.14393.4467MSXML 6.0Microsoft XML Core ServicesMicrosoft CorporationMSXML6.dllMD5=ECF3F9FC612FED875FC8A10052F82CE3,SHA256=9A06876BCFF61CFBE46F80EC76A61E66D80D734607D9503B4162840DE2039F16,IMPHASH=A74F148CA887740D0E045C70ACC762EBtrueMicrosoft WindowsValid 734700x800000000000000075550Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.484{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\mmcndmgr.dll10.0.14393.4169 (rs1_release.210107-1130)MMC Node Manager DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmmcndmgr.dllMD5=DDDF9C3B3B4CCFAAD35BA49B0864608F,SHA256=A8EE05699A2CE04D63D078C33A397ABE8D90AE6BC5F0156230620615B13A2F8B,IMPHASH=51AD9533DC3E1E0CFCFEECD129A51944trueMicrosoft WindowsValid 734700x800000000000000075549Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000075548Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBF,IMPHASH=BB80FB0B79AB68B9AA174726B09C8CE9trueMicrosoft WindowsValid 734700x800000000000000075547Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=A049DEB5236AA8711D70001353902238,SHA256=729E2332F4E65A745FC905AD5F3F17A2C034DD15BE74DBEF7D028ED712BCA1D2,IMPHASH=6654CFB1ED505987ABEF47C5C0E0D98AtrueMicrosoft WindowsValid 734700x800000000000000075546Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000075545Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000075544Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000075543Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000075542Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000075541Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 734700x800000000000000075540Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 734700x800000000000000075539Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\dui70.dll10.0.14393.4169 (rs1_release.210107-1130)Windows DirectUI EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationDUI70.DLLMD5=C3DC010AC7F5880CC7BE626566FC4130,SHA256=3ED6E9D0AF769B0BFBE94DFF4CC07A94A81271133FBB60C9EB02676C92FFB87E,IMPHASH=E76D3161885DD9D13E8514AFC7BF3853trueMicrosoft WindowsValid 734700x800000000000000075538Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000075537Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000075536Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.468{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\duser.dll10.0.14393.0 (rs1_release.160715-1616)Windows DirectUser EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationDUser.DLLMD5=42D5E1F8641E9DCEE0D8751F6F7A8961,SHA256=9168110EF404BF179888AF4A0F02B2817F020BFB16351778F2DDD6915C92F190,IMPHASH=9134DC493583245CFD7E3B68926C19D0trueMicrosoft WindowsValid 734700x800000000000000075535Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.464{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30E,IMPHASH=8F811B713271A0FEFA798FB95D523A8BtrueMicrosoft WindowsValid 734700x800000000000000075534Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.464{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000075533Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.464{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\odbc32.dll10.0.14393.3471 (rs1_release_1.191218-1729)ODBC Driver ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationodbc32.dllMD5=7BE20E672645485F6A3B2E34389344BA,SHA256=B6F6E06CACEE09FB6CC0ACF874477FC9094EA4C14A07FF59B228BDD23C7BF02A,IMPHASH=B6FE10FF835FBB8612CC749787B5472EtrueMicrosoft WindowsValid 734700x800000000000000075532Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000075531Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000075530Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000075529Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000075528Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000075527Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000075526Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075525Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000075524Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000075523Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\mmcbase.dll10.0.14393.4169 (rs1_release.210107-1130)MMC Base DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmmcbase.dllMD5=1C8D01FA2F46DA43580F66690E59F942,SHA256=24E48F93B6050D9DA4D1B93D07FCEA7F15AF8142BA8F4B8CFEF19FA670EB5B4E,IMPHASH=3A0957E0E673BE892DE6FEF53C3A2C7BtrueMicrosoft WindowsValid 734700x800000000000000075522Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000075521Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\mfc42u.dll6.06.8063.0MFCDLL Shared Library - Retail VersionMicrosoft (R) Visual C++Microsoft CorporationMFC42.DLLMD5=DD361EE0A665F41783E02CEA20285E61,SHA256=457BF44CC1BE99FD74983178AC34E83AEC2ED73DFEE9F9FC7F5F501AD8A6D03B,IMPHASH=5407FE666C5FCACC20F969C8CE05D993trueMicrosoft WindowsValid 734700x800000000000000075520Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000075519Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075518Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000075517Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000075516Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000075515Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075514Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000075513Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075512Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000075511Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075510Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\mmc.exe10.0.14393.4169 (rs1_release.210107-1130)Microsoft Management ConsoleMicrosoft® Windows® Operating SystemMicrosoft Corporationmmc.exeMD5=495BFF5AE1B52661212BB65F1CFDA718,SHA256=A08EC9D2F811726BDCD71F7C5B40CDB543D092C11811A45180E569FE3F62124D,IMPHASH=ED5A55DAB5A02F29D6EE7E0015F91A9FtrueMicrosoft WindowsValid 10341000x800000000000000075509Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075508Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.448{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000075507Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.456{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exe10.0.14393.4169 (rs1_release.210107-1130)Microsoft Management ConsoleMicrosoft® Windows® Operating SystemMicrosoft Corporationmmc.exemmc gpedit.mscC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-2FEF-60EC-C6C7-850000000000}0x85c7c63HighMD5=495BFF5AE1B52661212BB65F1CFDA718,SHA256=A08EC9D2F811726BDCD71F7C5B40CDB543D092C11811A45180E569FE3F62124D,IMPHASH=ED5A55DAB5A02F29D6EE7E0015F91A9F{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 734700x800000000000000075506Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000075505Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075504Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000075503Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000075502Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000075501Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-2FEF-60EC-090A-00000000DB01}61766300C:\Windows\system32\conhost.exe{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075500Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075499Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000075498Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075497Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075496Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075495Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000075494Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075493Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075492Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-21B7-60EC-3B07-00000000DB01}55126756C:\Windows\system32\csrss.exe{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075491Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.433{8057F119-2FEF-60EC-080A-00000000DB01}75404116C:\Windows\System32\cmd.exe{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000075490Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.440{8057F119-2FF0-60EC-0D0A-00000000DB01}9468C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Environment" /v "COR_PROFILER_PATH" /t REG_SZ /d "C:\Temp\test.dll" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-2FEF-60EC-C6C7-850000000000}0x85c7c63HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 734700x800000000000000075489Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000075488Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075487Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000075486Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000075485Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000075484Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-2FEF-60EC-090A-00000000DB01}61766300C:\Windows\system32\conhost.exe{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075483Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075482Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000075481Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075480Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000075479Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075478Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075477Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075476Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075475Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-21B7-60EC-3B07-00000000DB01}55124040C:\Windows\system32\csrss.exe{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075474Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.417{8057F119-2FEF-60EC-080A-00000000DB01}75404116C:\Windows\System32\cmd.exe{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000075473Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.425{8057F119-2FF0-60EC-0C0A-00000000DB01}5912C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Environment" /v "COR_ENABLE_PROFILING" /t REG_SZ /d "1" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-2FEF-60EC-C6C7-850000000000}0x85c7c63HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 734700x800000000000000075472Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000075471Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075470Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000075469Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000075468Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000075467Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FEF-60EC-090A-00000000DB01}61766300C:\Windows\system32\conhost.exe{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075466Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075465Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000075464Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075463Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000075462Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075461Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075460Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075459Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075458Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-21B7-60EC-3B07-00000000DB01}55124040C:\Windows\system32\csrss.exe{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075457Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FEF-60EC-080A-00000000DB01}75404116C:\Windows\System32\cmd.exe{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000075456Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.411{8057F119-2FF0-60EC-0B0A-00000000DB01}8892C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Environment" /v "COR_PROFILER" /t REG_SZ /d "{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-2FEF-60EC-C6C7-850000000000}0x85c7c63HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 13241300x800000000000000075455Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.localT1122SetValue2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\system32\reg.exeHKU\S-1-5-21-3966725549-2172964581-1758441464-500_Classes\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}\InprocServer32\(Default)C:\Temp\test.dll 734700x800000000000000075454Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000075453Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075452Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.401{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000075451Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000075450Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000075449Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-2FEF-60EC-090A-00000000DB01}61766300C:\Windows\system32\conhost.exe{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075448Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075447Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000075446Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075445Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000075444Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075443Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000075442Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075441Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075440Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-21B7-60EC-3B07-00000000DB01}55123720C:\Windows\system32\csrss.exe{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075439Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-2FEF-60EC-080A-00000000DB01}75404116C:\Windows\System32\cmd.exe{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000075438Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.395{8057F119-2FF0-60EC-0A0A-00000000DB01}6556C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Software\Classes\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}\InprocServer32" /ve /t REG_EXPAND_SZ /d "C:\Temp\test.dll" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-2FEF-60EC-C6C7-850000000000}0x85c7c63HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 734700x800000000000000075437Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exeC:\Windows\System32\cmdext.dll10.0.14393.0 (rs1_release.160715-1616)cmd.exe Extension DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCmdExt.DLLMD5=71B9AD2C078C208ED1633DE7DDAA834F,SHA256=44A35F3F5561E722EA1ED9A128BFF127E6086B114678774BC674BC717DD779B4,IMPHASH=03503926F7A6CC110815DF46C0AEFD5FtrueMicrosoft WindowsValid 734700x800000000000000075436Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075435Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000075434Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.386{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000075433Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.370{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000075432Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.370{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075431Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.370{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075430Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.347{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075429Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.347{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075428Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.300{8057F119-21BD-60EC-4B07-00000000DB01}58803300C:\Windows\Explorer.EXE{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075427Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.300{8057F119-21BD-60EC-4B07-00000000DB01}58803300C:\Windows\Explorer.EXE{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075426Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.300{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 10341000x800000000000000075425Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.300{8057F119-21BD-60EC-4B07-00000000DB01}58803300C:\Windows\Explorer.EXE{8057F119-2FEF-60EC-080A-00000000DB01}7540C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075424Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.268{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000075423Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.268{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 10341000x800000000000000075422Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.268{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075421Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.268{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075420Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.268{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000075419Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.266{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000075418Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.265{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000075417Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.264{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000075416Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.259{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000075415Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.258{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000075414Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.254{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 23542300x800000000000000075413Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.195{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70361C174A1EB27301EAF259625C006C,SHA256=6B2FF02794FB3AAB57D4B43036942FF3A7B7FA4E6CB59B9EBB5C6FE96FDDBC89,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075412Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.119{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000075411Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.118{8057F119-2FEF-60EC-090A-00000000DB01}6176C:\Windows\System32\conhost.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 23542300x800000000000000075410Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:04.116{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E7B8BE4334E2B04519775AD3635144A,SHA256=4F2B713F77D2076C465FF63B36D389D433EDBA101A6112CCE5FFEF0761B31582,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032446Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:03.445{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51590-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032445Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:05.612{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D5B08F86FF09FADACDD5072A4586015,SHA256=3E4C4FF23F493892E3D8549EFCFE7D3C404BABBF1FD96DBC7BF1B2EB8F24ADFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075732Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.406{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=123CB2830DA5B9BF977F746077CFC945,SHA256=DE41A59E28BD42967E75404F1081A0DB2CF995C27D6B0B8B2E816B0340286F01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075731Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.351{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F5290D9D68B045E4DF7E4E84EC8AE74,SHA256=4967C2C37308B24E5774BC9F9564BA388940860AF468D7F7D39B93760FEF1708,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075730Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.336{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075729Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.336{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075728Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.336{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075727Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.336{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=95A1BA1B908C04EE471AAB365D557FC4,SHA256=5EAFA5C8125CE0A4C69238F28E94E9DC96ECB2474CF429A1BA4C56233D32EBFE,IMPHASH=781D96AFC4A43989716F0476826C7E94trueMicrosoft WindowsValid 734700x800000000000000075726Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.336{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=A8286DA670839BD4D3B828E5DCE2D579,SHA256=9A039B35434ED287DBB4F23906E07ED81BB3AF62F01CC31842D1B1E8387C4AFD,IMPHASH=351F646C1B9736015D0FFEFB86A4D807trueMicrosoft WindowsValid 734700x800000000000000075725Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.320{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\DWrite.dll10.0.14393.4225 (rs1_release.210127-1811)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=EC928387A1AC55B0BCC65F0FB64657D7,SHA256=9E719F529FD3CE2014E17ADA83FEBB5DF3DA533E93192739324EC698EEEF489E,IMPHASH=A304C1ECFEFBD3A520A9945E2188D759trueMicrosoft WindowsValid 734700x800000000000000075724Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.320{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=B8A5106696E9FFE0CBA9A5F83C146DE9,SHA256=0CFFE15440453F2A67CB55D62A9044FCB6451149CBA5B98D3E9F265768D09EEB,IMPHASH=A885832D78ECD46B400AC0EF19CF0ED0trueMicrosoft WindowsValid 734700x800000000000000075723Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.320{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msls31.dll3.10.349.0Microsoft Line Services library fileMicrosoft® Line ServicesMicrosoft CorporationMSLS31.DLLMD5=B2911DEDDF06CA1AB66C810EB98AA503,SHA256=B8FAC47D96B3577104AA20C84E532024E4B8D7A7B222E715E7FBC368151E34D3,IMPHASH=B42CEEFC5A11B8C6A930DBC4E521CD36trueMicrosoft WindowsValid 734700x800000000000000075722Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.320{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=456D1A9554B75F666045F322BAEEE209,SHA256=F527B223EC94B35867641F6CDDE68B0D18048794B4837D600DC6F2DF44C17D18,IMPHASH=D3851D2627EE20865D40A6CE93CA8A17trueMicrosoft WindowsValid 734700x800000000000000075721Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.320{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=19BB2A2206DA49504383900559339A32,SHA256=4DB5ACF98CD3E789E9DECD82BA6637452A236207E93C3E38B85F373965E457B8,IMPHASH=4453AC692845F7F4429D6DD3ACF00D0EtrueMicrosoft WindowsValid 734700x800000000000000075720Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.320{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=71488B2A3FEEE42631F968B08ED0503B,SHA256=2693217FA5F2A259F10D580B4AB95787ECB30B2DF16EF98631EF9D4B3DC62564,IMPHASH=37239F56D3864617C4EFB2A5F460F097trueMicrosoft WindowsValid 734700x800000000000000075719Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.320{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=50FAAB33B35115D94D3442FA90B0574B,SHA256=922F64661B34B37D35D11CB89611CD5BAE3907FDF56C782D9C67597F330F4D33,IMPHASH=3C84DC322121BEDBDD23AD37D5500FFCtrueMicrosoft WindowsValid 734700x800000000000000075718Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.320{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\DataExchange.dll10.0.14393.4169 (rs1_release.210107-1130)Data exchangeMicrosoft® Windows® Operating SystemMicrosoft CorporationDataExchange.dllMD5=D238A301AE8EFABD029CE5C9B7777BF0,SHA256=FBB2B864831D5F0F71E1D0167B4EDD4FACB62BFD7913C465F4E291B868120163,IMPHASH=D87E30B18F53FE55C5B018AF0882ADC7trueMicrosoft WindowsValid 734700x800000000000000075717Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.320{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\sxs.dll10.0.14393.4169 (rs1_release.210107-1130)Fusion 2.5Microsoft® Windows® Operating SystemMicrosoft CorporationSXS.DLLMD5=574CE73F5F8AEE6C2219547BC8DC88A2,SHA256=68B28AF187AFD6453173D1DC09C9C11CF10FA886FD5877B83170CAA3B0706784,IMPHASH=36E120EA05F8714D20693A7DA02D7326trueMicrosoft WindowsValid 734700x800000000000000075716Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.304{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\oleacc.dll7.2.14393.4169 (rs1_release.210107-1130)Active Accessibility Core ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEACC.DLLMD5=0C5492DFFA271BC1912BADFEBB497907,SHA256=536C445B9D489749547FAC1D0B01AF7F430BBFE31BCD2924E7DB3BFE66785452,IMPHASH=91DB2465A9EA36C5C01315C79E4EAD5AtrueMicrosoft WindowsValid 10341000x800000000000000075715Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.304{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075714Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.304{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075713Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.289{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msimtf.dll10.0.14393.0 (rs1_release.160715-1616)Active IMM Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSIMTF.DLLMD5=AFF8921E40DF47A2938819BBB13E0CC5,SHA256=2E521B9BF27F9EC3D0C077AD1D21915240BA5D2A7F3D64E85687E8A38DD6E5A6,IMPHASH=61FEC0F2740D3463B3883EC575978A0EtrueMicrosoft WindowsValid 10341000x800000000000000075712Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.289{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075711Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.289{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=FD246A07CED3BC52C91E4CE7F149B814,SHA256=643D290491BB7D0137CAD77B3DB612D69A6EC7AFE9C411D438C3CA1769F1EECC,IMPHASH=9A9F70B5E6DDB8F96A677E91AE1F3A7DtrueMicrosoft WindowsValid 734700x800000000000000075710Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.289{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=77D1E6B39B0A1A221E23209A8F10AE8C,SHA256=474B6C0D7F8D25F225DB55533706ED090DB77BCECB5926EBE5ED248B43748A45,IMPHASH=DB78A36AE0F862A9544AD9A5C272D7E5trueMicrosoft WindowsValid 734700x800000000000000075709Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.289{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=90A1CD387F9CB30F86D34B88BFCD83A1,SHA256=5F6CE9777CDC7B0A0E98C90709C41C379415DBA654A39B332BB683A7F2B86E97,IMPHASH=07C997EFB887CE39B75B7896A20F5FFBtrueMicrosoft WindowsValid 734700x800000000000000075708Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.289{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=9FEEEA412847864E044BBD2789C2457B,SHA256=359D3258E661357C768B1FBB885743E63D3D218FE7999D4A39FC8AEEF64B52B3,IMPHASH=16E2C81454E1F9301D6F8A9B1F5DB754trueMicrosoft WindowsValid 734700x800000000000000075707Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.289{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=CA6447DDCA724F0C5C0CAFDE184EFE64,SHA256=F9664337B60A332571FCA81CC3E6DD194DCE20C8546980FD283CA892D0CC873C,IMPHASH=6E3C4DB87F2B77C788E86C1A678A8D0DtrueMicrosoft WindowsValid 734700x800000000000000075706Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.289{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=A6F22CA344FD1B7D75D49ECC718693C8,SHA256=C7787F59263B7D5246B931531AB4DC4C430E1BF8260775B7A751D4994A5D3489,IMPHASH=689E2A5805AE9CF0919D2DDDDDC411CCtrueMicrosoft WindowsValid 734700x800000000000000075705Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.289{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=5480D88484EFE8EB7EDB99E68CBCA337,SHA256=B555AD6480A30599CF27A818E470B25C9242AB80C94835EAE08B226854E630D7,IMPHASH=A7A8E1C7D8A348EDDDA81702A2FEC068trueMicrosoft WindowsValid 10341000x800000000000000075704Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.287{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075703Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.287{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075702Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.285{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives Library (Wow64)Microsoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=0D7153433B25ABA6DF86FBC7FA543CBF,SHA256=C8DF43428EC79BEB384B2B2561A3D8FF98040ABBC760C35F99E1FBE2D04170BF,IMPHASH=61592743BFAEF2F12950E5420FA2AEB1trueMicrosoft WindowsValid 734700x800000000000000075701Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.285{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=5E8336C79BE0C2F1080B575E434DD0E4,SHA256=FB7EB70237B5897F875CE8786C26E09F61120DB4A91376A65433EEDCFA634A11,IMPHASH=72645B79B3F36D7DD23879EC939355AEtrueMicrosoft WindowsValid 734700x800000000000000075700Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.284{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=33E4F8ECEA33AC2AAB8C336A0C11AAA7,SHA256=EE44DEE528EB91D80BB3DE79DBDD7E135A51FD6EF2AF360B6DB8A3CB0C297D1B,IMPHASH=262CA12D79E6C3E8AF3B3D1DFFC16408trueMicrosoft WindowsValid 734700x800000000000000075699Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.284{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\srpapi.dll10.0.14393.4350 (rs1_release.210407-2154)SRP APIs DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsrpapi.dllMD5=A2E7DB9004B5F149FEA6776FA9C7A9F3,SHA256=C62D701FF9A54CEFA5629F904470D4664A41598270A4952B7A60E542D7A87AED,IMPHASH=8F303613138642A89948D086887F818CtrueMicrosoft WindowsValid 734700x800000000000000075698Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.282{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_c58df2c997bddaf8\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=9BA49461346F5B2DAFE81E401E884241,SHA256=297B46C95521B8EB59B3793F0ED2736F39C495D2C3D622638EE9205F53E69EFD,IMPHASH=3546967BD7A83D49718BE45FB48403B5trueMicrosoft WindowsValid 734700x800000000000000075697Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.266{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A5DBC147158A0FFB44246C9452A1C9E1,SHA256=D7763F384F902F00980FE6A2ED0F254AF0539B66AAABFF64413B0D17606000A9,IMPHASH=CAC6B3339C5CAA083E24A4484EE86E29trueMicrosoft WindowsValid 734700x800000000000000075696Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.266{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=F6B687A32ABAE8BE3B02C122B58D952F,SHA256=DF763BDC4348BBEA93375263BF88E0BCD1267C58FC0F6E994F6D778D302DDE85,IMPHASH=60EA58ED63BD25EC1709F72F112B0086trueMicrosoft WindowsValid 734700x800000000000000075695Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.266{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=7BC54AA66588A3DF7B1448A4493C6663,SHA256=9CB1BA7C092164DAA14E21454606905E294D137AD72158F92A666077D7CF1946,IMPHASH=2DCB08A6E31A83C3EA33C5793EFA9A56trueMicrosoft WindowsValid 734700x800000000000000075694Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.266{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=0D885953D657434CA5015545A364BDB9,SHA256=1D29921E136F84B4CA9F1EBD646CFFF4571EA805A6CC5BC1F7C7784CC3246088,IMPHASH=76F056ED62EDF4D48793D8C5EDA733ADtrueMicrosoft WindowsValid 734700x800000000000000075693Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.266{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=7CAAFE27AECA4ED69CC960438C1B5757,SHA256=725B17A1DC08013337B50D4E0A6E332CC4C30F164383DF2ABBC735001C834F2C,IMPHASH=BFFFEC36C21D417AD54A3AB3D4E7EE22trueMicrosoft WindowsValid 10341000x800000000000000075692Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.266{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075691Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.266{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075690Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.266{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=E1A1B98F2AD180FA2117A56D869E5830,SHA256=2D9711E9D549CCB441EF21F72F08FB4EACD5F2990193C6FFFC7E7AC92FA6E670,IMPHASH=1FCD5DF5B3D97346B0A828B1CFDB1ED1trueMicrosoft WindowsValid 734700x800000000000000075689Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=2BDBEE1B42063F245AC86F54C236BC4E,SHA256=CD558E008DA76E171FC9B8CF87556353330D7B7BF593B5074E4FEB08BC14CFC6,IMPHASH=6FE75EB0A263DD16629B09AECE416B36trueMicrosoft WindowsValid 734700x800000000000000075688Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=4BA1C50E6607AE70495B58874963B901,SHA256=72BBBB4145E058C3B12504AC0EC128CD44E282D40959D018192899276A2B9C69,IMPHASH=9F60CD6001B5CEA647B250DFF3B6F65AtrueMicrosoft WindowsValid 734700x800000000000000075687Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=0FDEB9236FF287E329F2EF155BA8AE56,SHA256=5F0C2A29312C82D14B8B42D2B6AAFEB82EBAD20822B603FD162E6AAF39B06C95,IMPHASH=2D7046CEF5DEEA9D960D37CB0A98F146trueMicrosoft WindowsValid 734700x800000000000000075686Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=F169BB178FFF9EF0E90CF23D07F1B57A,SHA256=1A28934762F0FB587D63FBCD755198F9E660D38F49A7C85C976EB8FF646F2B67,IMPHASH=25AC4D4B6BEA6260ADEE864A6D475575trueMicrosoft WindowsValid 734700x800000000000000075685Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=203F58BA41B48A59D6A047E0233DB422,SHA256=4204F7C2B4E13AA3819A180FACA724435F6400FE97D2EF6C74634A0D7E51F7F3,IMPHASH=EA6E499F92F9040E9609EFDC47BE01FEtrueMicrosoft WindowsValid 734700x800000000000000075684Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\winhttp.dll10.0.14393.4467 (rs1_release.210604-1844)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=F5FF215A5AE295644FE12BEAF6B75D00,SHA256=714EEB3B620CC9E368813728B1D247684519A3181211CDB5FCC37451F9BC2B96,IMPHASH=F90F73E985A4791F34FE3574D5616CACtrueMicrosoft WindowsValid 734700x800000000000000075683Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=AF2A9437F3AED2E8254B7E1EB6E96782,SHA256=D8F3C957BDBD9DB510E71B07CDE1B446491D4DC520787548060B3AAD1324C62A,IMPHASH=5D2578ED274AAD83C30A3917C98404EEtrueMicrosoft WindowsValid 734700x800000000000000075682Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=318804DFF282AE5C2FEF5577057CB913,SHA256=A65C5C3F38A793F0C59C1A4553940D6D236CE2BC3380898E865BF0E1F80FEE8C,IMPHASH=5D92B73B6930EFBC71A36B7FEF62DF62trueMicrosoft WindowsValid 734700x800000000000000075681Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=CDD32AC585A458B6B2BC777FACF83BA4,SHA256=6A6D1362633319BA3E2D389A70827D0B5802C5EA9DD5CA723AEA6DBF65713426,IMPHASH=E698C8E2E06172CDB524686FF10A5C5EtrueMicrosoft WindowsValid 734700x800000000000000075680Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=E9E209227AF7EFBFDAAA0B932251486D,SHA256=639DD063669F506790DA8C940E3BEBE4F7CF31668260F94CF5A67C93021D2BDF,IMPHASH=25AFDCBDCE8BEB6A7109D378495BE552trueMicrosoft WindowsValid 734700x800000000000000075679Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\mshtml.dll11.00.14393.4467 (rs1_release.210604-1844)Microsoft (R) HTML ViewerInternet ExplorerMicrosoft CorporationMSHTML.DLLMD5=C6C25E7A5D01FD9147D482CD834999E4,SHA256=AB08074A7B8F0F23EF24CAF00654510E7F89F8B31E5F57A7E059ACFAB34F4C29,IMPHASH=C4387C261B588A5F35A1A681C1322E08trueMicrosoft WindowsValid 734700x800000000000000075678Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=FD246A07CED3BC52C91E4CE7F149B814,SHA256=643D290491BB7D0137CAD77B3DB612D69A6EC7AFE9C411D438C3CA1769F1EECC,IMPHASH=9A9F70B5E6DDB8F96A677E91AE1F3A7DtrueMicrosoft WindowsValid 734700x800000000000000075677Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=5E8336C79BE0C2F1080B575E434DD0E4,SHA256=FB7EB70237B5897F875CE8786C26E09F61120DB4A91376A65433EEDCFA634A11,IMPHASH=72645B79B3F36D7DD23879EC939355AEtrueMicrosoft WindowsValid 734700x800000000000000075676Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=33E4F8ECEA33AC2AAB8C336A0C11AAA7,SHA256=EE44DEE528EB91D80BB3DE79DBDD7E135A51FD6EF2AF360B6DB8A3CB0C297D1B,IMPHASH=262CA12D79E6C3E8AF3B3D1DFFC16408trueMicrosoft WindowsValid 734700x800000000000000075675Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=77D1E6B39B0A1A221E23209A8F10AE8C,SHA256=474B6C0D7F8D25F225DB55533706ED090DB77BCECB5926EBE5ED248B43748A45,IMPHASH=DB78A36AE0F862A9544AD9A5C272D7E5trueMicrosoft WindowsValid 734700x800000000000000075674Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=E3851CE4A433475612CB0E1552A733E3,SHA256=F391BAA7AFF5734842737FC1B4C58856BA5E409A7B97C037995F0F26150A85FA,IMPHASH=6DF3E31673D2CCEDABFBE5A79390B72DtrueMicrosoft WindowsValid 734700x800000000000000075673Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.251{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=F058FE3C5E3DEF875A654A18551D88E5,SHA256=78DC0394AA359DBD2EB8BE7F13FEDF0478C8AA55785712B358FAC1C97D051B87,IMPHASH=44F906D172B935DEA0C5D038C6FA8449trueMicrosoft WindowsValid 734700x800000000000000075672Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=8E944CBA7B0993C79E9AFD7A98731F0A,SHA256=4C377F857E4ADF55949D88F4CC4A0B7A38268532284ECD1331C25F4C29E2EC71,IMPHASH=7E0E904C0FD68DBF5F794D700C0C3C3DtrueMicrosoft WindowsValid 734700x800000000000000075671Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=294BC43051C27ADB96A957A6FB9448BE,SHA256=9564D3F69345F9883161007F2E26298FD377B023D1D46C0AAE9821B4B26A74B3,IMPHASH=B1175218A8304DF3BD6BF43A45EE8073trueMicrosoft WindowsValid 734700x800000000000000075670Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=7B019DFD62509B244C4A11809F595C07,SHA256=2E879BBDC7C215041617FC599FCBA8C474F99E27B8333EA4DCA4854FE738F22D,IMPHASH=918DADABE6E41CFBB03F954A46D3F72EtrueMicrosoft WindowsValid 734700x800000000000000075669Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=3D4308BAC53B881B16D9BD1006ABDC65,SHA256=26DF85FC22F9FCAA2212CB66612FE8F5CC6382953FE81B9C34128E43080C7891,IMPHASH=C7D6B46400E43E7BE538D1CCB512EC25trueMicrosoft WindowsValid 734700x800000000000000075668Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecurity.dllMD5=580643DD40890B231399EA5F57EFAA70,SHA256=0B374B1825ABFF7B26170E75F1B638DF08A15B07660A7DF5533F02853CF266C6,IMPHASH=AC11100B3FFA7FCAFA188E618E4C7CC1trueMicrosoft WindowsValid 734700x800000000000000075667Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=990CA13B9FE19A5A611F77B333BC9AAD,SHA256=EC3960CAABA4FC0287601311BDCC14D472A165DA7C43F88665D984CE1A0B7DE4,IMPHASH=EED74FF36259DAC3FFC7675209FEED89trueMicrosoft WindowsValid 734700x800000000000000075666Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=3394E4EEB4851D80DD7548EC87EAEA5F,SHA256=7F670ACCE58EAADE796FEF335B4EAEAB66DFC47875219B9BE3C9B405A452450B,IMPHASH=C3B61C1F5D46A607D624033E7094E4FFtrueMicrosoft WindowsValid 734700x800000000000000075665Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=F3B7F231407DD207CABC94C9347984AC,SHA256=053A1D95EEB426416278D2AD7D584FDD984A8B445CC88B46785AB8666383FB0B,IMPHASH=B5CBF1B1B5086E2C500FD84325E04D44trueMicrosoft WindowsValid 734700x800000000000000075664Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A1EDD29F959E38F8AE4AF9B5CDD2B534,SHA256=CE5ECDC3BEFA2DC8C826A697EAC6CDAC12753258315701130CDEDB19D24DBC75,IMPHASH=8B861EA72FDD6FC722328B2746B13380trueMicrosoft WindowsValid 734700x800000000000000075663Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=E3B7B5531159A395AC63B7EA256FE7B6,SHA256=B631E93E271E706E0204B606D7851ADF7E65FCA04ACDD73103F0754A9C01007E,IMPHASH=6E1D0A92C1917EFBFC1EEA82FA5E155FtrueMicrosoft WindowsValid 734700x800000000000000075662Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=E0C87CF8838DB8C6DBD24A708FCED51B,SHA256=0616E630C7F8E116CE43390638C9CE99209556662C2BBDF5845F1CD03E1C6C4E,IMPHASH=EAF4CC449835E7A81A8EEFEBEB2E8FC7trueMicrosoft WindowsValid 734700x800000000000000075661Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\wow64cpu.dll10.0.14393.3503 (rs1_release.200131-0410)AMD64 Wow64 CPU Microsoft® Windows® Operating SystemMicrosoft Corporationwow64cpu.dllMD5=C1F2078639481364EA3FDD10CBEB1A18,SHA256=B63E6DC0B3D7ABA9CB95929A1A360208A570CB2072474276F649B68F1AC8DC82,IMPHASH=15CD876FB3F6EC97A2F7466360415F86trueMicrosoft WindowsValid 734700x800000000000000075660Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000075659Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000075658Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=E0C87CF8838DB8C6DBD24A708FCED51B,SHA256=0616E630C7F8E116CE43390638C9CE99209556662C2BBDF5845F1CD03E1C6C4E,IMPHASH=EAF4CC449835E7A81A8EEFEBEB2E8FC7trueMicrosoft WindowsValid 734700x800000000000000075657Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000075656Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\wow64win.dll10.0.14393.3383 (rs1_release.191125-1816)Wow64 Console and Win32 API LoggingMicrosoft® Windows® Operating SystemMicrosoft Corporationwow64lg2.dllMD5=62DEBA17D0A26B352F1C3F02144BC6EA,SHA256=5A1C08FE318942CB31048DBD641E25610DE842E34470B3E54FEDCA4E2642D4E0,IMPHASH=3045357B61B63AEF6CBCD96F2FA7E9D8trueMicrosoft WindowsValid 734700x800000000000000075655Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\wow64.dll10.0.14393.3503 (rs1_release.200131-0410)Win32 Emulation on NT64Microsoft® Windows® Operating SystemMicrosoft Corporationwow64.dllMD5=447615F19DAAFF9C308370C59F493BF8,SHA256=45ED2009CEEB249BBF518B958AF02B97E667DB68C9B6D65642E69E9B0300CF5D,IMPHASH=03B9E38A9E88FDC66380837CCC8647FAtrueMicrosoft WindowsValid 734700x800000000000000075654Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=57015A39A73789DC7171F4F6B211AC32,SHA256=3ED6D5A7095A141DCF234926EE0274FDA627C2829607DCE0F7604B7C683067E9,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075653Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000075652Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075651Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\mshta.exe11.00.14393.2007 (rs1_release.171231-1800)Microsoft (R) HTML Application hostInternet ExplorerMicrosoft CorporationMSHTA.EXEMD5=A65AE0DB1DAA6B07C89DCC1E21D3EB42,SHA256=5B6429B98ADF532E6F694C9A6CD1A1943B4AA3D5EA524D4FB353939FD9C61342,IMPHASH=79925B1930721457F5E11BF877806843trueMicrosoft WindowsValid 10341000x800000000000000075650Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075649Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075648Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\vcruntime140.dll14.28.29913.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=ADE7AAC069131F54E4294F722C17A412,SHA256=92D50F7C4055718812CD3D823AA2821D6718EB55D2AB2BAC55C2E47260C25A76,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 10341000x800000000000000075647Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075646Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075645Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF0-60EC-0E0A-00000000DB01}99164652C:\Windows\system32\mmc.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+5fc62|C:\Windows\System32\KERNELBASE.dll+5f7f6|C:\Windows\System32\KERNEL32.DLL+608d6|C:\Temp\test.dll+1081|C:\Temp\test.dll+134f|C:\Windows\SYSTEM32\ntdll.dll+1859f|C:\Windows\SYSTEM32\ntdll.dll+71d1e|C:\Windows\SYSTEM32\ntdll.dll+71b6b|C:\Windows\SYSTEM32\ntdll.dll+2d7dd|C:\Windows\SYSTEM32\ntdll.dll+18b4d|C:\Windows\SYSTEM32\ntdll.dll+1512d|C:\Windows\SYSTEM32\ntdll.dll+11c4c|C:\Windows\System32\KERNELBASE.dll+25b2f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+a8937|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+a868b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+525ab3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+525eff|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+5289ad|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+4f2242|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+4258c9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+13e9a7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+13916f 154100x800000000000000075644Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.240{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe11.00.14393.2007 (rs1_release.171231-1800)Microsoft (R) HTML Application hostInternet ExplorerMicrosoft CorporationMSHTA.EXEC:\Windows\SysWOW64\mshta.exe C:\Users\Public\EVIL.htaC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-2FEF-60EC-C6C7-850000000000}0x85c7c63HighMD5=A65AE0DB1DAA6B07C89DCC1E21D3EB42,SHA256=5B6429B98ADF532E6F694C9A6CD1A1943B4AA3D5EA524D4FB353939FD9C61342,IMPHASH=79925B1930721457F5E11BF877806843{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exemmc gpedit.msc 734700x800000000000000075643Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.235{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Temp\test.dll-----MD5=BAD072DD3BD7B46B8C7BD7D27569D9D5,SHA256=25EC6A50C36ED42C4AEC92B0DAD67F49DD39ED10C9048185AD72F2FE4816E5C8,IMPHASH=3DA185B95597422D5F87D0C5E8C33CC7false-Unavailable 734700x800000000000000075642Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.220{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\ucrtbase_clr0400.dll14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationucrtbase_clr0400.dllMD5=F8F171BE1820544E15B555847005355C,SHA256=CDDF9A2BF085AE59BA464B3BA6394AACFC342DA5F17D77FD5306054C8AABF153,IMPHASH=0524DC27AA10ADA72FFB6F88F5FD8829trueMicrosoft CorporationValid 734700x800000000000000075641Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.220{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\vcruntime140_clr0400.dll14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140_clr0400.dllMD5=63936588122BDEE9624D02CE3F8F54EA,SHA256=21F7E6165CE8DD92DB8CDF48CEE83DE64B2B0807B7B499CF87678B70C6F8C32F,IMPHASH=CD244BF7A749BF0B13E038D2EE842BFCtrueMicrosoft CorporationValid 734700x800000000000000075640Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.220{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll4.8.4380.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Common Language Runtime - WorkStationMicrosoft® .NET FrameworkMicrosoft Corporationclr.dllMD5=70694DB5ADC4C766A3572886DE86A9C8,SHA256=C81FD948E0CFF4961674B068D157DBB196328348202C1CC3BD08C1E4D1203036,IMPHASH=6851068577998FF473E5933122867348trueMicrosoft CorporationValid 734700x800000000000000075639Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.204{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll4.8.4180.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Execution EngineMicrosoft® .NET FrameworkMicrosoft Corporationmscoreei.dllMD5=899A8B655E52A061B33571D97C5C06ED,SHA256=DE05B03E37FB9BA5D74CF8FA36A6F0B15AB61705285B738BC90D14FDE580A45E,IMPHASH=005299FA213F652A596AC31760C5340BtrueMicrosoft CorporationValid 734700x800000000000000075638Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.204{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\mscoree.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft .NET Runtime Execution EngineMicrosoft® Windows® Operating SystemMicrosoft Corporationmscoree.dllMD5=5ECE402D7E12EC3750D044BF3D878DF6,SHA256=3F02B1AE7B61BC36B04EA2B82ED79F112219F4E9668518030FF14B005E2C9BBC,IMPHASH=12E8F895FFFE1065F24D148EC1ED3096trueMicrosoft WindowsValid 734700x800000000000000075637Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.204{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\MSWB7.dll10.0.14393.2791 (rs1_release.190205-1511)MSWB7 DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSWB7.dllMD5=5C7C3EBF7A50560DE37B750F3BB0F2B2,SHA256=227474B4306F6FA4F4A7EC5DAE2E91104BA6A156E31BDAD4B82D2E5426A53729,IMPHASH=A39738A99E764D3F4E439E2498C99B04trueMicrosoft WindowsValid 734700x800000000000000075636Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.204{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\AdmTmpl.dll10.0.14393.3986 (rs1_release.201002-1707)Administrative Templates ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationAdmTmpl.dllMD5=E1CF1CD067E3C0C53A0F2A1544524688,SHA256=0A1644529D587272E6FCE0257AE061F223BFB958618D76D7CC5F9EF66011803F,IMPHASH=D6275993A6AA40AF4EF7CB35C64D34A3trueMicrosoft WindowsValid 734700x800000000000000075635Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.188{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\msi.dll5.0.14393.4350Windows InstallerWindows Installer - UnicodeMicrosoft Corporationmsi.dllMD5=DEC633243BDCEAD0E3BDDDAFBC933F02,SHA256=FC9AFA9CDD6ECC1194C1532F37AF6FEE9E888DC5D2056BCE0C59538A389FC9DE,IMPHASH=702DDC1509DE604C8D612A66E9E39DACtrueMicrosoft WindowsValid 734700x800000000000000075634Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.167{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\gpprefbr.dll10.0.14393.4169 (rs1_release.210107-1130)Group Policy Preference BrowserMicrosoft® Windows® Operating SystemMicrosoft CorporationpmbrowserMD5=C6F7D269250C984166912CE18E1E7083,SHA256=CFF659257BB3B45AABBB11D5D9930FB83EF30CDB168F1DFFCD226AFEE335C258,IMPHASH=B95C208D652CA4ABD1753B600C50E7D3trueMicrosoft WindowsValid 734700x800000000000000075633Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.151{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\gppref.dll10.0.14393.4169 (rs1_release.210107-1130)Group Policy PreferenceMicrosoft® Windows® Operating SystemMicrosoft CorporationgpprefMD5=FEBB503E16009EF67E2B39B076AFAB19,SHA256=2C8B648BF4325C9E5A46DBC9075E2BD37A6E649153E7F97E42B1518B5F0B8CF0,IMPHASH=B574852D0C9D30D215A9F05463D02F7BtrueMicrosoft WindowsValid 734700x800000000000000075632Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.135{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=51A0208B106B4392AC4B3174B27A39EF,SHA256=EA9955976994C44DC091A07C69E9C863A4D5A960900019D3C4136BDFD1F885D4,IMPHASH=334E5331674424695F9872596E2677C7trueMicrosoft WindowsValid 734700x800000000000000075631Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.135{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\srpapi.dll10.0.14393.4350 (rs1_release.210407-2154)SRP APIs DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsrpapi.dllMD5=6EE744B7052F6DE1C9870F9C97FDB42F,SHA256=6FE549AAB3A751D32F4FE7A1492BE85B4FD4AD718A9561CBAB6E82B97BCFDD40,IMPHASH=8C07B81A4B319D612B954B42DF3C1D74trueMicrosoft WindowsValid 23542300x800000000000000075630Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.120{8057F119-1972-60EC-FB05-00000000DB01}4904ATTACKRANGE\AdministratorC:\Windows\system32\taskhostw.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\DID55GTF\views[1]MD5=A726593A8261930E4786375106FC6BFE,SHA256=E6BFDFBB9A0649EA9D38DE4255C355C581097E6A1035A54943260B22AD45F172,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075629Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.120{8057F119-2FF0-60EC-0E0A-00000000DB01}9916ATTACKRANGE\AdministratorC:\Windows\system32\mmc.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\NVCWY13N\views[1]MD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075628Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.120{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\wininet.dll11.00.14393.4467 (rs1_release.210604-1844)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=2155253CEE186286631247CCF3C7D138,SHA256=AA97CAF5AE292D467421116F9DB4A84008A6ED868F1ADDBE06585BF3FCCEB476,IMPHASH=B3ABC7D59C2B1ACAEECA63C53B0AAC4BtrueMicrosoft WindowsValid 734700x800000000000000075627Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.104{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\mshtml.dll11.00.14393.4467 (rs1_release.210604-1844)Microsoft (R) HTML ViewerInternet ExplorerMicrosoft CorporationMSHTML.DLLMD5=E5259F73A504669357CF435C9044FA5E,SHA256=3E84BDF133912A296FBC842A9103452F27C05785D77E145329BFB9B3F5B5A7F1,IMPHASH=CBEE0B2314A44C19D7D26951C39F11F6trueMicrosoft WindowsValid 734700x800000000000000075626Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.088{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\sxs.dll10.0.14393.4169 (rs1_release.210107-1130)Fusion 2.5Microsoft® Windows® Operating SystemMicrosoft CorporationSXS.DLLMD5=54FB18CA661D074CBB60D5A58D40C8D3,SHA256=A2BD6160222A216F8A6830C1273662F8AE88F53D2CE6DA5893FF70D146A0A2B0,IMPHASH=FED414075FF3F23F21C898B1860393B4trueMicrosoft WindowsValid 734700x800000000000000075625Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.088{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000075624Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.088{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\winhttp.dll10.0.14393.4467 (rs1_release.210604-1844)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=8893BE5829B2F909E7FC4AF4C43B54F9,SHA256=C1D791C72417FD001E2A5FE441717881D43428A931724E7FD2DCCE6C83699458,IMPHASH=F1FC6BF3699C289EBAF914A7771E49CDtrueMicrosoft WindowsValid 734700x800000000000000075623Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.082{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000075622Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.067{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000075621Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.067{8057F119-2FF0-60EC-0E0A-00000000DB01}9916C:\Windows\System32\mmc.exeC:\Windows\System32\ieframe.dll11.00.14393.4467 (rs1_release.210604-1844)Internet BrowserInternet ExplorerMicrosoft CorporationIEFRAME.DLLMD5=13F327C8FBD3F269304BB84DE36474A9,SHA256=81560FD91B1DAB5329E68F6E43F16DA7FC9E0296D16EF8F234A6AD0D4BEA62AA,IMPHASH=C88C7ABCCBE2D1CE9D711B5FBA02EA04trueMicrosoft WindowsValid 23542300x800000000000000032447Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:06.627{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B6553EAF3AA9CD431324DCFECCFD09B,SHA256=A08AB465649168DC7687AAED2B00532E47A618CA6B88BB9CE5D8FA9D440A5009,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000075737Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.114{8057F119-21D0-60EC-6307-00000000DB01}7172tls12.newrelic.com.cdn.cloudflare.net0162.247.243.146;162.247.243.147;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000075736Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.113{8057F119-21D0-60EC-6307-00000000DB01}7172bam-cell.nr-data.net0type: 5 tls12.newrelic.com.cdn.cloudflare.net;::ffff:162.247.243.147;::ffff:162.247.243.146;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000075735Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:06.486{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E831ADE8151BF6C1EA6612D8C264A6B6,SHA256=100100511FCA1989E58E91D8B204940C345E336D6BC9B7DF6EE52A75DE393E88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075734Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:06.486{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F589B98FD66938CC90487445F0A286E9,SHA256=A4DC47F446B3EDAD24BCF7C2999F79104924C3AF090EBCFF678E82E8DE0B33A0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000075733Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.241{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56108- 23542300x800000000000000032448Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:07.690{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1CFCBFD2FB58278C5E82B44CCA981EB,SHA256=6E7645D662BCF164DA2277B50C2536E45F336D484EB6C79B43DF8426E1857208,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000075740Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.339{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63394-false10.0.1.12-8000- 354300x800000000000000075739Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:05.243{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64212- 23542300x800000000000000075738Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:07.137{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AA969C6B5106B0A50364075C2990F48,SHA256=EA48582EDD80FEF02F39DBAA44DD343B8C7E360C104216A53C8DE5BE0623FB97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032449Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:08.705{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9008E5E0B6A7E3D37D745E30B5818753,SHA256=60DD93827A971AD47DDB5624E8CCBEB812E554313D2D1F549A70F2C00E13677E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075752Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:08.554{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=2188C920806C075A26FA6A1E2AD063EB,SHA256=76E31BCC821609D4CC0BED451BBD5099BD380B5DB613AE0010D8CA41C703F936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075751Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:08.538{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=F84DD92E04DEA3BD0DB6F4AF39310BE4,SHA256=3BE307359E246E66DFDA5B09BE23A59BC974167FE76D4FC6990AB45751DC1F73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075750Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:08.538{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=D6BF6E049C738E7A2CDAFDBB5BFF4995,SHA256=40D3B5AE05DD46FE56BA73BF061EEEDE3491DF8CB928C616680268CD4EB3A669,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075749Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:08.538{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=BB7E0B146744DEB996642FFCD01CA80F,SHA256=FCF71DBE9A08AAD19291272F0C406322E8207F827545077E7473DF8C46C218B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075748Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:08.538{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7C8F89A91E68B8FEC21D211953D25986,SHA256=6B45B4249A42776C9864F465A538882099A6CEBADDAC94D534A70BE06BDA1101,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075747Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:08.538{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=F9427E7654DC1356719C14203B77325D,SHA256=D475AEB3A56C18C8ED59DFAC81CEC60A022F6F3B6D61FE0A86EE81C53E364E77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075746Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:08.538{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=3466205D2C000929767649873A5429CD,SHA256=DA857664CF23972E3A4A9795F0311AC15B1427B5B064E83171018C0B56C8243B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075745Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:08.538{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=6CC3D83AA866FC0FAB74661099C402B7,SHA256=BA079CBEA36F4EC37AF50E06C53511220C1ABA8E2FC92C051E5358204398487C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075744Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:08.538{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=05A1F54DDB6B3A399D495787C9452AA4,SHA256=C7843EF5E41C7279C28EB2F831D37D060F3954CCAFAE382CD317C4A9BA3B0268,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075743Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:08.538{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=38631E125E02D0704BB07D2BAAEA1A0D,SHA256=1999410033F2A00676D06C4FCA5DB65C08BCFF735A4A7DB9E3CD665599B07BDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075742Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:08.538{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B880014321CAFB32E83DFA1949FD559B,SHA256=96FB5EFACC61FF787DC7DF27694EDC653FB7010D6D98824445AE919D506FC563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075741Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:08.153{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFCF267C8112FBC72BAE19CCD9E8A786,SHA256=4DD8C7DB59B1E309DF93EEAA8A796BDEC62DD11912F0B21E9726F4B629021642,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032450Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:09.721{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CBCCF1803074258BF663DC711210BC3A,SHA256=72FBCD201F5456CE52FEDEBB3115FA95A09A6B269B82AC2A99F5846BFB32163B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075753Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:09.169{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93DFE68C2F286F6DC87075823BCC4811,SHA256=7858E7EF8E3F8608D9F584EF4A76D8282145586EC8A4248F6F6FF6B2103BE711,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032451Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:10.737{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CACE313EB0F5AAD33F7846DBDD66FE30,SHA256=0DCF561585636BEC43B81DB948FE3770D008DB7C33EF04605A1E5721223065AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075754Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:10.170{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD8CC59D15AD0C2DD7CE1D9B36A908FC,SHA256=3C692BCE8C2A00478AE4E04F4B20A99391291E11E30339142372AB8D195EBEF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032452Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:11.752{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B02E29F36965A384BF636B3609388C41,SHA256=74A4F0529344E357587AE12973119911104B23F42E31E4CC96B78594E54FEE26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075755Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:11.187{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9886914404FFC2BE4A3A409F8FA52A2A,SHA256=CA30E90F32EAC609F0E4AF0F4CCEFAF6F6020CC0E72DC74164ED590CA8B4A430,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032454Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:12.768{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6A64661A208E80291BBECD46C6B8995,SHA256=6385D3316D397EC8F5FD5783163832C4783AC521F449448F9E9E1A1E5D97450C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000075757Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:10.391{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63395-false10.0.1.12-8000- 23542300x800000000000000075756Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:12.206{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D02B96A97C40B6446758620712C9FA14,SHA256=9974E8096F8E630ADCC6D8C0983889DEE600B3666A85CA3ADD09ABBF8C9171BA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032453Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:08.510{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51591-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032455Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:13.782{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCC0753077A899F7DC859085EA648C0B,SHA256=A9623326B004E5650855897FEA0F2330E0BA1DE206BFF34D9321F788EB303FB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075758Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:13.221{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77055290C5C8592A701A04D2A299B63A,SHA256=7B7A86F9A233724D8088BDF95C1F6CC4FB8F83F4A0E3E38407B0EE290258E88D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032456Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:14.798{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7908A4164B8821B67E3A071E120D39E6,SHA256=C29C6A40D865215464F7A1562B60D217BABA65BB0B186766BBCB174FFD26CEDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075760Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:14.236{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A268A0AB54A6B5C728CB0DD010660256,SHA256=0BE307CAC0D05309FE0936B275FCFC7ECB57D9C3EEA2C1AB95082155CED1A861,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075759Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:14.005{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\permissions.sqlite-journalMD5=89E68604C9C5109E5BCD2CEED5A7D56D,SHA256=3C55ECCDFE833944531303BE7C7145A286BF3B8BAF77A02E3606D26DBE42E772,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032457Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:15.813{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FAFCBFF8C1E530A49F7A161C8929705,SHA256=9147E542BA2DD2F813EA4E099BBAF84A2A7783B7A5AD687C1CDB6F8DBA99EE3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075761Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:15.238{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FD09BC79F2076BFEFA306F41FFC709D,SHA256=18B2173D3E897C373ADDD187C5460A53FBC9598BE2AF4499FD50B65F1C696690,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032459Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:16.813{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D989E351CC003737ED7602CF7CA0270B,SHA256=9B269B842F422D4E5F91EB69A682438F323141FBEDEB9EAEADE72858A0FB317F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075773Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.322{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B899352D4C608A287379CA14E2E17916,SHA256=B502EB3DC062F5404B4794D5559FB1F14909CF4228A05957848DE59BE92ECFDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075772Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.322{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=0D6EE6557FF38FB2D351C1A63463FC7C,SHA256=441682751134601B6906BCD50942C92B7F6C9A0E47BE81638C3D82883771D965,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075771Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.322{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=A0AB04926DCD7F31DEE7902AB8BC776C,SHA256=35C6C4BEE5097CFC1C1FE6710B6F455E6649695882B96C6A1301623B62BA90ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075770Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.307{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=656A0D4AFEB010BCCC1ABDC7BB3CF133,SHA256=7A7311C09590B5809CFD62A9EF1CDC9FF9BE3D0C0264E48C22C568D980861E86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075769Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.307{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E6630454719803E29FD18D6CE8257A40,SHA256=D43E58A534FA328F7DB52DB6A2646C5F5AF9F6E68D9EC6EFEE884CD4C5E923CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075768Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.307{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5C14A38061B5457FA6292284A1193330,SHA256=00526F2940D1B6BCC3496909C6390645E6434FE494A0BCF8E8EF454ECD462FCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075767Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.307{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7E79379B55C410B7141CBB20E228C15D,SHA256=DAFC22899AAB53D482077610F573FA2D026FCF921F085F9C210059E02F4CA40F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075766Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.307{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=F65CA12E25595B45A0BEC6F1ABE66D02,SHA256=D35E8A4963BBC249AB80D1C089E01D1BCF699EADDD19C84D1483A8CAB6E1CE76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075765Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.307{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=52A9E8A6C72A2B6D1897C9A9F11BCD76,SHA256=5EF1461729D81177483BA6709F132B0D23741076E983A9D75E588D2A21FC9F15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075764Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.307{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=9CF86FC3B54565EA2CE83B49DEF09BED,SHA256=B8C63595F57DCFB0C4BA5C6CCB905E932A002F87595FA3D3A4B150D8CF135319,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075763Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.307{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5E1671C73D2C0C54E037CABE76115B94,SHA256=D114C9AD3EA86F46087EC94ADE0973E973F84F0B62A0427C017B1ECB5025405D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075762Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.253{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A64217E14688697C4F9842174D6CEFF,SHA256=148AD7702AB3EFCAE09404440B9A4F2B222914AACBF7524BB115B2ED26E1010A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032458Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:13.524{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51592-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032460Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:17.829{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D0091DF85725C3CFC384589BF65B3D6,SHA256=27BA94052BAAE7653C7A420F4317CAD4C27271E992C7D548E26A1C678CB62B50,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075785Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:17.269{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000075784Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:17.269{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD119E28490575BB0F984BC8BCA4EC35,SHA256=6CFAC9359D0C459D87391F745CA348CE7CE83640ED23FC1D3801FAA0D44C3C8B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075783Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:17.238{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075782Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:17.238{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075781Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:17.206{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075780Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:17.206{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075779Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:17.206{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075778Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:17.206{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075777Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:17.206{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075776Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:17.191{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075775Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:17.191{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075774Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:17.191{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000032461Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:18.845{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CDEBFABA2C4991CDFD382286D5EBFE3,SHA256=555404E0F69602F7F664B117373054CB68188C15363976D01FC805266E1BABEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075789Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:18.288{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7781C5E6DC43CA6987415C81BC462E2E,SHA256=7C2474CE77CF7ED4E8DEFB265049BB6E8FD95FA89499093F5E7568AAD8317D19,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000075788Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:16.342{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63396-false10.0.1.12-8000- 10341000x800000000000000075787Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:18.206{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-2CDB-60EC-8009-00000000DB01}9640C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075786Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:18.206{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-2CDB-60EC-8009-00000000DB01}9640C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032462Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:19.860{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4F348713D7F0925AC4936C2BFCE5C79,SHA256=D25DB0FA0B856F5AA25372113B10DFCDC9781A109DC6B1ECCF02856AE55CF8FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075791Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:19.288{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2536DBA1D1F0788B2FEE38408553D86B,SHA256=1B9933E5DBCBF6FA75AD4121C1FF2F8C511BDC71F98F212D0A6057DCE4087150,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075790Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:19.206{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032463Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:20.876{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=654022B283EC8A606BE6590285686C83,SHA256=4525706135527D341ED18D0C5C88374FDD25A03C249B9731DB8F6692D0A187BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075793Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:20.821{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075792Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:20.306{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E2054FAF6E4218F44FEB4F772448E0E,SHA256=77FBDB1918F32662FD9AC6604AC2E541AF287E0B5AB40973199C47E1357E241F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032464Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:21.891{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3955E643B16442CD178295D656B9D408,SHA256=037E3D25CAEB402BEC1E34BAB5C7C740CFE5B52F71DF07DBFB0D7CBCB6936B39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075794Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:21.336{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C920FA8AB605F4897B3C50F93B084270,SHA256=3498CDB8313863D2088BA65D3A2384B40CD54CC6B34A26B72AAB0E6663BE74D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032466Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:22.907{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7483F0368E84992FBCA75B99242FFB5A,SHA256=2BCB6C3B98E91847C3DAB31617B221F951829911DD435C2EF68C00A7E6860448,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075795Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:22.337{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=719A9D363F4A30AD97DAEFF37FFA1B4C,SHA256=FC2A6F6CE3928017096AAEB4B56C0C87B2BC76332DDA1EE2545C99FFEB59C7FD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032465Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:19.446{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51593-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032491Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.923{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E40B7CCC5E823AD7F9B50FD2897E2C00,SHA256=9F8B7C4EB42059D3B6BD4532FCC74F3E47F8384E52A6C529AB1F6A397A132D8A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000075798Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:22.341{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63397-false10.0.1.12-8000- 23542300x800000000000000075797Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:23.352{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7607C2FBE90A12A79A2318C1118DB95,SHA256=30C9EED77915077EC92A15E23548E61591505690495743CE3DC95CE422A1546E,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000032490Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:05:23.641{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000032489Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:05:23.641{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00929247) 13241300x800000000000000032488Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:05:23.641{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7770d-0xcf98eb4a) 13241300x800000000000000032487Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:05:23.641{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d77716-0x315d534a) 13241300x800000000000000032486Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:05:23.641{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7771e-0x9321bb4a) 13241300x800000000000000032485Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:05:23.641{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000032484Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:05:23.641{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00929247) 13241300x800000000000000032483Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:05:23.641{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7770d-0xcf98eb4a) 13241300x800000000000000032482Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:05:23.641{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d77716-0x315d534a) 13241300x800000000000000032481Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:05:23.641{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7771e-0x9321bb4a) 10341000x800000000000000032480Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.610{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3003-60EC-3605-00000000DC01}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032479Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.610{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032478Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.610{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032477Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.610{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032476Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.610{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032475Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.610{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032474Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.610{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032473Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.610{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032472Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.610{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032471Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.610{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032470Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.610{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-3003-60EC-3605-00000000DC01}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032469Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.610{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3003-60EC-3605-00000000DC01}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032468Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.611{50946567-3003-60EC-3605-00000000DC01}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032467Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:23.407{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=70BB5DFABE059F01764FF47F379BD988,SHA256=E4CF6AD77A816FDF41DCFF121D6162DC456EC2D0D7C7180B828BA51FE9C3B276,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075796Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:23.005{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=0DBDC3E5E568A84AE4A662B56AEB0812,SHA256=49156B4A91DC2C472D9614E305E2B1C86B111005B6392EF60DCD333624F3EB78,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032521Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.955{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3004-60EC-3805-00000000DC01}2836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032520Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.955{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032519Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.955{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032518Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.955{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032517Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.955{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032516Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.955{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032515Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.955{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032514Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.955{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032513Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.955{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032512Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.955{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032511Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.955{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-3004-60EC-3805-00000000DC01}2836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032510Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.955{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3004-60EC-3805-00000000DC01}2836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032509Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.956{50946567-3004-60EC-3805-00000000DC01}2836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032508Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.924{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75D8CE7849D0DD16120B8868569B0752,SHA256=5946746208D57EDC4BE7A13B6E4F97EA0BD7E212A9E0785112B113EC8C63BA55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075799Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:24.368{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF23EDAA4D7C04E6BCA9A4904FF9F602,SHA256=DF749EE960F6574789DCB0BDDD0674FBE4178B1771258CEC8059F78C293C7C21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032507Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.611{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=349D5888B4BF272A40841986E5967A82,SHA256=7FB065B4CDA5A6EF4FC89F32A1218B1CC942E631487B555AF440096B02170D02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032506Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.611{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B1E81AEBE332F55A07458E3DD3D74B32,SHA256=2E3B13E3DAB7D8D686C77FD40810F29EA754CD829C31F4275D0CFF5CF14A6DED,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032505Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.471{50946567-3004-60EC-3705-00000000DC01}36762892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032504Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.282{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3004-60EC-3705-00000000DC01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032503Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.282{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032502Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.282{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032501Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.282{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032500Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.282{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032499Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.282{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032498Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.282{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032497Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.282{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032496Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.282{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032495Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.282{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032494Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.282{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-3004-60EC-3705-00000000DC01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032493Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.282{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3004-60EC-3705-00000000DC01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032492Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.283{50946567-3004-60EC-3705-00000000DC01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000075801Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:25.386{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFE03DF56C69914396AFBB46AD0D43C5,SHA256=17528E7A1B4E262DDE2928176655F84C1381CEE80B069B3B8FA29A508BF6A78A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032536Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.815{50946567-3005-60EC-3905-00000000DC01}36043396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032535Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.627{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3005-60EC-3905-00000000DC01}3604C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032534Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.627{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032533Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.627{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032532Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.627{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032531Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.627{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032530Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.627{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032529Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.627{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032528Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.627{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032527Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.627{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032526Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.627{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032525Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.627{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-3005-60EC-3905-00000000DC01}3604C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032524Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.627{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3005-60EC-3905-00000000DC01}3604C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032523Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.628{50946567-3005-60EC-3905-00000000DC01}3604C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032522Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:25.158{50946567-3004-60EC-3805-00000000DC01}2836364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000075800Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:25.052{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000075803Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:25.187{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63398-false10.0.1.12-8089- 23542300x800000000000000075802Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:26.404{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D67DA83C5B535CF60210B0050BF84F1F,SHA256=4A7EB80E7C14DCA6CDDC71606CC86B7F7D9C756783CAB9B2B1D9E04270323B94,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032552Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:24.557{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51594-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000032551Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3006-60EC-3A05-00000000DC01}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032550Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032549Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032548Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032547Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032546Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032545Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032544Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032543Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032542Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032541Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-3006-60EC-3A05-00000000DC01}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032540Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3006-60EC-3A05-00000000DC01}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032539Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.160{50946567-3006-60EC-3A05-00000000DC01}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032538Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E331BCF5EED73345AF4DD4A6F3F8C742,SHA256=AC3762D4EA511730592BA4CCBDA1F37A6B50C2E81CFE0B44C3B826D154A25AAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032537Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:26.158{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=349D5888B4BF272A40841986E5967A82,SHA256=7FB065B4CDA5A6EF4FC89F32A1218B1CC942E631487B555AF440096B02170D02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075804Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:27.419{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50FEC61D32C5FE0821C319AE6153D590,SHA256=842346A45566EA5DB6C48337CA7C519D47AB93A7A95A427F9F26884871F5E930,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032554Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:27.174{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B9876ECC658D29DAA484CBCCD9A7DDF,SHA256=FE89AB8C21C8C816517B089B11A7D1081C92C508AA17A4F1346CD9914DC57902,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032553Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:27.174{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F83DB40E7A36AEEF04D5C802247F3B39,SHA256=6C461F9B156D2AAE607D49900E6C01EC91477EADA59915754D0F4D1593D05A47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075806Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:28.949{8057F119-2CDB-60EC-8009-00000000DB01}9640ATTACKRANGE\AdministratorC:\Program Files\Notepad++\notepad++.exeC:\Users\Administrator\AppData\Roaming\Notepad++\backup\AttackRangeSysmon.xml@2021-07-12_120109MD5=9FCD7639BC3254AA3B82F21A354D87D7,SHA256=9836F4BEA80A888EAA11659F8A8A0F8D9DA8FF84093F2E79D39815675BBDEB94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075805Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:28.434{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB9303FF3806671F4453F47B12C2487E,SHA256=29BB183929E91B95AB2918E4F56848D313C933D9B3E94BA6BD3354CF722BFCF6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032581Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.861{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3008-60EC-3C05-00000000DC01}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032580Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.861{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032579Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.861{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032578Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.861{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032577Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.861{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032576Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.861{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032575Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.861{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032574Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.861{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032573Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.861{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032572Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.861{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-3008-60EC-3C05-00000000DC01}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032571Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.861{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032570Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.861{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3008-60EC-3C05-00000000DC01}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032569Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.862{50946567-3008-60EC-3C05-00000000DC01}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032568Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.377{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5974FE61139EC997DB19B476A61121A,SHA256=B9C960994106164810F4B313AF394750DF02BF5274AB3423795EF25FDB309FBA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032567Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.236{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3008-60EC-3B05-00000000DC01}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032566Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032565Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032564Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032563Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032562Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032561Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032560Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032559Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032558Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032557Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.236{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-3008-60EC-3B05-00000000DC01}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032556Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.236{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3008-60EC-3B05-00000000DC01}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032555Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:28.237{50946567-3008-60EC-3B05-00000000DC01}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032584Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:29.408{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E83FA6F0BF29F9187D1022E03E91E6EC,SHA256=7745392F1AFD7CD52FAD5DE8B498900D1614E8A673A3D449A95DF1F25F4E1CBA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075812Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075811Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075810Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-21BD-60EC-4B07-00000000DB01}58808688C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075809Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-21BD-60EC-4B07-00000000DB01}58808688C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000075808Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:28.238{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63399-false10.0.1.12-8000- 23542300x800000000000000075807Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.465{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EABFB47CB6E734D4C6344AB289A7905,SHA256=3D1D7705C41AF93F98A04DD3890C22D53AB68B325012E963F664C32F5BD73C0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032583Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:29.377{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1767404F00AC244035EDCEB4021FBE4E,SHA256=3811B0C7AD02475688D40FECE2BC2F806656954F128C87B81A80737E2724A054,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032582Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:29.080{50946567-3008-60EC-3C05-00000000DC01}6963324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032585Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:30.658{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBEEDDEB0B6801B1EB961053579AFF97,SHA256=A670FC44BAEB8883D781BF9014F72FEA616CBB7288DA2D487E2A6B8F85ACE830,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.467{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3395DC9DECB9C3A6C6B724218C5492EC,SHA256=55D8A040D35694BA9FD176536423EF302891B28D9020089C1928764E39B767F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.320{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC531785D19C6F0FAFD07A7E109B04D1,SHA256=22A5053886036BD0F7A7A0E95C1A59DA316412DB3BD0F21079BAD9AA79A936B3,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.066{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\execmodelproxy.dll10.0.14393.0 (rs1_release.160715-1616)ExecModelProxyMicrosoft® Windows® Operating SystemMicrosoft CorporationExecModelProxy.dllMD5=A0251547D09C624F5E0FDFED5F14C834,SHA256=A6E167A77AC44A73323B8FF65E1FA2BAEDC0E092255F81FE041B35D40970FF90,IMPHASH=B1BB7A0B17604581DFBD9AE821306153trueMicrosoft WindowsValid 10341000x800000000000000075844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.090{8057F119-21BD-60EC-4307-00000000DB01}25567160C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000075843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.090{8057F119-21BD-60EC-4307-00000000DB01}25567160C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 734700x800000000000000075842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.051{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\ExecModelClient.dll10.0.14393.4169 (rs1_release.210107-1130)ExecModelClientMicrosoft® Windows® Operating SystemMicrosoft CorporationExecModelClient.dllMD5=178BCB2B937C94CA144C326FD678A322,SHA256=932D0710FD612EDBE2D0433ABE294AD17D23CB8D43DE7F4CD8E01C58D279C1CE,IMPHASH=B1099E1B098B6F4C7DC6D071206DFC70trueMicrosoft WindowsValid 10341000x800000000000000075841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.066{8057F119-21BD-60EC-4B07-00000000DB01}58802452C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.066{8057F119-21BD-60EC-4B07-00000000DB01}58802452C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.066{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\OneCoreCommonProxyStub.dll10.0.14393.2395 (rs1_release_inmarket.180714-1932)OneCore Common Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationOneCoreCommonProxyStub.dllMD5=02CEC1566FB0709923FF7A9FEC254D96,SHA256=81BED60AEB79C489E9F79996A3F0AB626E6CA247EBB656B6B9897C47A39F6AFB,IMPHASH=69A8B7E9F373278F52FE45A83CE3A380trueMicrosoft WindowsValid 734700x800000000000000075838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.051{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19,IMPHASH=52DACB9FFE8B422785C607A5B88982C7trueMicrosoft WindowsValid 10341000x800000000000000075837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.051{8057F119-21BD-60EC-4307-00000000DB01}25567160C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\execmodelclient.dll+8e62|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000075836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.051{8057F119-21BD-60EC-4307-00000000DB01}25567160C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\execmodelclient.dll+8d5e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000075835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.036{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000075834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.036{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000075833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.036{8057F119-21BD-60EC-4B07-00000000DB01}58805372C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000075832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.019{8057F119-21BD-60EC-4B07-00000000DB01}58805372C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000075831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.004{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.004{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:30.004{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0D00-00000000DB01}8966164C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0D00-00000000DB01}8966164C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0D00-00000000DB01}8966164C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0D00-00000000DB01}8966164C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0D00-00000000DB01}8966164C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:29.988{8057F119-08A1-60EC-0D00-00000000DB01}8966164C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032586Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:31.674{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDAE09A55E8B4B4F68DA066A13FC9A7B,SHA256=8C117CB0184507E809CEF9529E0CA383DC30D425FAA9B5CD0C641ABD006C67F5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:31.591{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:31.552{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-2D5E-60EC-9609-00000000DB01}10132C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:31.552{8057F119-21BD-60EC-4B07-00000000DB01}58805372C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000075851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:31.552{8057F119-21BD-60EC-4B07-00000000DB01}58805372C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000075850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:31.537{8057F119-21BD-60EC-4B07-00000000DB01}58802452C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:31.537{8057F119-21BD-60EC-4B07-00000000DB01}58802452C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000075848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:31.468{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED27EF438AF953CCAE4DE510EDF65E72,SHA256=6778098505DCC999F052727838D07EA31771B067A8523587E6005F04CA99AB50,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032588Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:30.431{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51595-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032587Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:32.690{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C78B70AECCCE44C1D39536A52A54811D,SHA256=24F9DFA936E385667CBA1FB8BEF4ED77CE4C334751B9E13603FE1DE7C0850394,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:32.488{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B17F04B9903615F7C4C0764F9DB96A4,SHA256=296388884D61748AEDDA6F353AC573F0BA26FFAC844F25CE53D0EBA85B4B0FC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032589Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:33.700{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83B722D8C8B8D33E2F813028F3DE521E,SHA256=7BF50EC913484E698620D5E7BA8836F9F42149E3F86C42472C078AE1B8222EAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:33.504{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8347B2A405A280ACC55062FD1291805C,SHA256=D0C7EA0B0B8B23D0869EAFEA3C2EAFC6A6568DABA6FB24D2601614F495A51334,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032590Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:34.763{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52579038077063C10D90A3CA9E682876,SHA256=28F6827D3B81DE21E6A8A4DD0FC07029B903AC7F3D41B76FB0A3C7D44274E482,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000075858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:33.355{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63400-false10.0.1.12-8000- 23542300x800000000000000075857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:34.519{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFEF5B29E58E1B85AAEA14C9D16CD21F,SHA256=212A1D71C9F6F69374EC255212EB2564A4558CC4C0A9F955F49251F8A2D3EF3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.951{8057F119-2CDB-60EC-8009-00000000DB01}9640ATTACKRANGE\AdministratorC:\Program Files\Notepad++\notepad++.exeC:\Users\Administrator\AppData\Roaming\Notepad++\backup\AttackRangeSysmon.xml@2021-07-12_120109MD5=67DDECB48802BA87329A49D4FE5BC437,SHA256=2CD048C5EC58EDB287BD611967C5FBA4F1EC96A4334FEEBD2DC6FB6A31676186,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.951{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5DB864AF9572285149729CC64D90042,SHA256=220D59BCA73E561EAC4DC5C7F0F3EA93D793C3AA73D8CAC73EAECB5B51E48832,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.867{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\Windows.Cortana.PAL.Desktop.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.Cortana.PAL.DesktopMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Cortana.PAL.Desktop.dllMD5=7CA4C3F102D868CF2F935696104A5CB5,SHA256=381CCF05FB38DB28AAB8E93D4574FE852776620560FDF5DD2D460833681195BA,IMPHASH=13825F6BBCB963E78044B6D6E43BA643trueMicrosoft WindowsValid 734700x800000000000000075928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.867{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\Windows.Storage.ApplicationData.dll10.0.14393.4283 (rs1_release.210303-1802)Windows Application Data API ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.ApplicationData.dllMD5=70CCBC49226FCAF8320B483196EE171D,SHA256=9B34EA835C9D6D312478EC5FB0C50F444F9D0A32013A4C622EC73561701D3E53,IMPHASH=28E467C0B26A13BC6CD010ECA4849A8EtrueMicrosoft WindowsValid 734700x800000000000000075927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.867{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\Clipc.dll10.0.14393.0 (rs1_release.160715-1616)Client Licensing Platform ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationClipC.dllMD5=C1ADE6C578AFD608EBC63BEB0F85ABD7,SHA256=7195914FD6FF035601607636E8EEFC58074852FD9983DB4A7E9DFEAEFA3D8382,IMPHASH=F8BABF073EFC135052FBFD9D3305CCC8trueMicrosoft WindowsValid 734700x800000000000000075926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.867{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\BingConfigurationClient.dll10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Bing Configuration Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationBingConfigurationClient.dllMD5=5157C221A424FF404FC4F006BC3BE79D,SHA256=26D56062FB4020E7BFD94A83F35CC02F86D370210746A4AC999807E3C4CD5AD8,IMPHASH=73F84D858A4C649D945628FD9227E215trueMicrosoft WindowsValid 734700x800000000000000075925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.867{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionMgr.dll10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Cortana Action ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationACTIONMGR.DLLMD5=C826B342FFB3DD7D64E7DDBBFC9116E8,SHA256=E18C21A7F0BB54B269A02CD1055E03B845853438D9A43F649851298F7EF58694,IMPHASH=FD99A218B36BA972C12186B6C564B2D1trueMicrosoft WindowsValid 734700x800000000000000075924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.851{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll-----MD5=005C89BB002DB3236761F2B0B47D472C,SHA256=9EDF2BB3B62B66C97508C85FB0103C0EF3557142BCB02F9C40941C725FF24A22,IMPHASH=B8B784A131D0205AAEB622B872E38BD8trueMicrosoft WindowsValid 10341000x800000000000000075923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.851{8057F119-21BD-60EC-4407-00000000DB01}42449892C:\Windows\system32\sihost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\twinui.appcore.dll+684b|C:\Windows\System32\twinui.appcore.dll+756d|C:\Windows\system32\activationmanager.dll+b93d|C:\Windows\System32\twinui.appcore.dll+3df1|C:\Windows\SYSTEM32\twinapi.appcore.dll+2accd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 734700x800000000000000075922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.835{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\VEEventDispatcher.dll10.0.14393.4169 (rs1_release.210107-1130)Visual Element Event dispatcherMicrosoft® Windows® Operating SystemMicrosoft CorporationVEEventDispatcher.dllMD5=7A89C3B780AD83BD07097E1562C8C2A4,SHA256=A2E4969569F4A963A6F02827480634480817BC00A52C5BB96BD6FC6D9BE54B2A,IMPHASH=68182A73D7878DB2056CBA31DAA3CEFCtrueMicrosoft WindowsValid 734700x800000000000000075921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.835{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\winhttp.dll10.0.14393.4467 (rs1_release.210604-1844)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=8893BE5829B2F909E7FC4AF4C43B54F9,SHA256=C1D791C72417FD001E2A5FE441717881D43428A931724E7FD2DCCE6C83699458,IMPHASH=F1FC6BF3699C289EBAF914A7771E49CDtrueMicrosoft WindowsValid 734700x800000000000000075920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.835{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000075919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.835{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843,IMPHASH=EAA4328F5E33714FA08C71E4AAE43CC1trueMicrosoft WindowsValid 734700x800000000000000075918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.835{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000075917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.835{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4,IMPHASH=B6A1A16A2B5E910045E998CD7709E966trueMicrosoft WindowsValid 734700x800000000000000075916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.835{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000075915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.835{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000075914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.835{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000075913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.835{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\cdp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft (R) CDP Client APIMicrosoft® Windows® Operating SystemMicrosoft CorporationCDP.dllMD5=97BCD0CFB8C9A7133688C1683B8BB049,SHA256=A4DCBC842B5D97DBE298130BA97D329085B992F15B9FC4C2F78871826618CD80,IMPHASH=BA9A45255BAE8B363B6B657A12E44278trueMicrosoft WindowsValid 734700x800000000000000075912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.788{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\capauthz.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Capability Authorization APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationcapauthz.dllMD5=23F19228D21BADC021EE9105326116F4,SHA256=A80DFA852F9DCD6D4CDB9A202E122B4765E77E18A0C8E436D9A080464257A7BB,IMPHASH=512E63FF45CABF98ADB36E36331EFB3DtrueMicrosoft WindowsValid 734700x800000000000000075911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.786{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll-----MD5=D1DC08AA3FC8448B0D8736B166D003EF,SHA256=16FEF33788098D770129C0783119E2E6223B8E4EE0750C193DBC1262F6430573,IMPHASH=096E4D7EEA8F8064E8C1CFED746DD2DDtrueMicrosoft WindowsValid 734700x800000000000000075910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.788{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\msvcp110_win.dll10.0.14393.2007 (rs1_release.171231-1800)Microsoft® STL110 C++ Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp110_win.dllMD5=BFB390484F611C21582AD11E4C6ADEF2,SHA256=30B5AD268C022FCA2AACAE2CB6E4DC36F6A01C16A006046BB4417CEA96DA4F5A,IMPHASH=80A56C2FEE02149B4E326F9A62FF4B12trueMicrosoft WindowsValid 734700x800000000000000075909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.788{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000075908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.788{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8,IMPHASH=B53F82B33CA6ABD6251152A46E5FF78CtrueMicrosoft WindowsValid 734700x800000000000000075907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.788{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000075906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.788{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\wincorlib.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows ® WinRT core libraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwincorlib.DLLMD5=F08F4542548A5CD4F521491164598021,SHA256=D60844E5A091DD42CB1BC03CA76B8BBAF55C5B1A9EC3F1403AB241DDE36CA630,IMPHASH=7118E177B350BBAD51DE9533CF52B852trueMicrosoft WindowsValid 734700x800000000000000075905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.788{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000075904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.750{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\OneCoreUAPCommonProxyStub.dll10.0.14393.3808 (rs1_release.200707-2105)OneCoreUAP Common Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationOneCoreUAPCommonProxyStub.dllMD5=9F8EF1431E82015CD1918582A770DB35,SHA256=FC2073DCE9AC41DBF338FAFE85F2429D6D3812573D2192C7A906C1D46E0AB4FA,IMPHASH=D919FF32201FBB7C5B3EF498D589EAE4trueMicrosoft WindowsValid 10341000x800000000000000075903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.750{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|c:\windows\system32\bisrv.dll+1d9ff|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 734700x800000000000000075902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.719{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\biwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Background Broker InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationbiwinrt.dllMD5=1774BAC67716351387E5F11635DEED8D,SHA256=74F9B4190CFFADCE3ED3F61D4FD6A4F7CCC6EE0F42E3452D018E8160ECB3BE1F,IMPHASH=518BBC26E9BA87459E80712401FEE077trueMicrosoft WindowsValid 10341000x800000000000000075901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.719{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.719{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.719{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000075898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.704{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\BCP47Langs.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)BCP47 Language ClassesMicrosoft® Windows® Operating SystemMicrosoft CorporationBCP47Lang.dllMD5=F688C2B9DD2EB56C3B0312B6380338AA,SHA256=B22DB210486D3B5F4EEB17900C5E7AA0EEFEDBB068A0C4858EFE9F8018C34628,IMPHASH=31EA1856BC7597303D8126028BBFDFB8trueMicrosoft WindowsValid 734700x800000000000000075897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.704{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\actxprxy.dll10.0.14393.3808 (rs1_release.200707-2105)ActiveX Interface Marshaling LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationActXPrxy.dllMD5=087C47C19BBFCB9F4932C03C0189E86B,SHA256=9BEE35FBFA2E595372D82E8858BE46CE7717E0399996960398BC238F4D0E5207,IMPHASH=24160898971C9C6FED5AE429E3AAD3DAtrueMicrosoft WindowsValid 734700x800000000000000075896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.685{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\Windows.UI.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Runtime UI Foundation DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.dllMD5=FEC31833E8D13591BAECE59B8E39F53C,SHA256=424BAEA0DC8EF34305A881F9B36F22E8CFECA403A0D03B61782D69535387A401,IMPHASH=B073DE28C43175420FE754415439CCEAtrueMicrosoft WindowsValid 734700x800000000000000075895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.684{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000075894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.682{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\MrmCoreR.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows MRMMicrosoft® Windows® Operating SystemMicrosoft CorporationMrmCore.dllMD5=D730B5700BEB4A7E6E4244684356739C,SHA256=26083BEB490E48F5711D69A0E597B7A4CC6FB4B31EDCD535A0FF0DFBE4E6F8DD,IMPHASH=462A9FA6F44F25C68798F197AC8EC9D9trueMicrosoft WindowsValid 10341000x800000000000000075893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.651{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.651{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|c:\windows\system32\psmsrv.dll+e342|c:\windows\system32\psmsrv.dll+eb86|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000075891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.651{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000075890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.651{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000075889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.651{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000075888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.651{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000075887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.651{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000075886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.635{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000075885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.635{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\WinTypes.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=F26A1B9400B1B37D899B01DA8DE809F7,SHA256=F0AFDE11FE0C22D0A25CA4F5A07FEDDC6D3014902360566575E4AB5C164AB8E0,IMPHASH=58F905117CF0434AF54A7CD9D43EEF30trueMicrosoft WindowsValid 734700x800000000000000075884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.635{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000075883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.635{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000075882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.635{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19,IMPHASH=52DACB9FFE8B422785C607A5B88982C7trueMicrosoft WindowsValid 734700x800000000000000075881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.635{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000075880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.635{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000075879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.635{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000075878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.635{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000075877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.635{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000075876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.635{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000075875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.619{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\apphelp.dll10.0.14393.4350 (rs1_release.210407-2154)Application Compatibility Client LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationApphelpMD5=92330FA0551BFFBB8C1C97E86F9A0264,SHA256=0F341AF375236EBF7047F6AE50F2834566F0D859F0F02B8A5FFD7F29C31B0117,IMPHASH=BF1AF19CCBABA6D54178C43BE36CD985trueMicrosoft WindowsValid 734700x800000000000000075874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.619{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\backgroundTaskHost.exe10.0.14393.0 (rs1_release.160715-1616)Background Task HostMicrosoft® Windows® Operating SystemMicrosoft CorporationbackgroundTaskHost.exeMD5=0601F285DCFF75E679BD91E39B6EBDBF,SHA256=23A80E09DAE6DB17909E81B1CA7E9BF43158BDEE69C1646125FC62E6BFE2745B,IMPHASH=F1FEC8E3885EF3E1C004A8415DBDD27BtrueMicrosoft WindowsValid 10341000x800000000000000075873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.619{8057F119-21B7-60EC-3B07-00000000DB01}55124040C:\Windows\system32\csrss.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000075872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.619{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000075871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.619{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000075870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.619{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000075869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.619{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.619{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36dd2|c:\windows\system32\rpcss.dll+4401|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.604{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.604{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.604{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.604{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.604{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.604{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.604{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.604{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 23542300x800000000000000075859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:35.535{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C7E29BBB4F77FC5431FD794F9CD2115,SHA256=C22B641F6A191DC23CF20BBF724337753A0D6139F1E33B679429C4A5C47C6ECD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.969{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.969{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.969{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.969{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.969{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.969{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.969{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.969{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.969{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.969{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.969{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.969{8057F119-21BD-60EC-4407-00000000DB01}42449892C:\Windows\system32\sihost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.807{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.807{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.807{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.807{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.807{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.807{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 23542300x800000000000000075951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.638{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=112E4CA3B0E098E597D6B7B41C29F67B,SHA256=96C790A2D57986163FEE652D7F993917BEC4DC7DD5B70F31D7F067E9423BD587,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.638{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DD19BBF645240731B476CD693A51DA1A,SHA256=A12768B13054E806D809A707815A5ED18A40416A04E84BC4199FB3E63A8A9284,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.587{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C7EC75E9596EA203298919D0FFF763B,SHA256=6B6E75A9B94B169A736C7C94B29E84D7E9870802DFC17986E9DA72CF9C5FC176,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032591Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:35.997{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0535F25BDEAE16BCDC841027442B6715,SHA256=7C26E98BCDFBE2D7AF8408E97D94212EA56BA0DA724D7D1F6E683192630AC085,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000075948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.139{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\Windows.Web.dll10.0.14393.4169 (rs1_release.210107-1130)Web Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Web.dllMD5=399F7366C5D75F1B7E804DDB0A6069D0,SHA256=F365F479ED03EF60BE3E78DA076BF1FC6E10AC4A2511C54D59AA14A7FD52A201,IMPHASH=A4CE8C0D67248A4EE97935AB72FBAB58trueMicrosoft WindowsValid 734700x800000000000000075947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.123{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\Windows.StateRepository.dll10.0.14393.4169 (rs1_release.210107-1130)Windows StateRepository API ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.StateRepository.dllMD5=8F4457905D80A520C684CA48F807C268,SHA256=623299C57C3148EB7B8EE0FE22F2E8A4C7A41712A87D43074E56643BEB84C06A,IMPHASH=A28EA9ED587BD4511849B7BB44021022trueMicrosoft WindowsValid 734700x800000000000000075946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.107{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\StateRepository.Core.dll10.0.14393.4169 (rs1_release.210107-1130)StateRepository CoreMicrosoft® Windows® Operating SystemMicrosoft CorporationStateRepository.Core.dllMD5=94299201E0B602E4692F61C5A46E32D9,SHA256=D343410FB20D88B74BF661CACADBBD913034D02410A826A84D60B2B66A95A862,IMPHASH=53CA7FAF1CEDFB0EC8CCD763B974D4A1trueMicrosoft WindowsValid 734700x800000000000000075945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.123{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\StateRepository.Core.dll10.0.14393.4169 (rs1_release.210107-1130)StateRepository CoreMicrosoft® Windows® Operating SystemMicrosoft CorporationStateRepository.Core.dllMD5=94299201E0B602E4692F61C5A46E32D9,SHA256=D343410FB20D88B74BF661CACADBBD913034D02410A826A84D60B2B66A95A862,IMPHASH=53CA7FAF1CEDFB0EC8CCD763B974D4A1trueMicrosoft WindowsValid 734700x800000000000000075944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.170{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\SystemEventsBrokerClient.dll10.0.14393.4402 (rs1_release.210426-1725)system Events Broker Client LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSystemEventsBrokerClient.dllMD5=46BA713819EF1E3C5F65B0464E6D1C65,SHA256=6EDA91DEDCBFBB92A35DD9B847036D959297045A1220994A6B8AFC12AB63B0B7,IMPHASH=4FEED1526B11CE741F11F9B4852A7936trueMicrosoft WindowsValid 734700x800000000000000075943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.107{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\Windows.StateRepository.dll10.0.14393.4169 (rs1_release.210107-1130)Windows StateRepository API ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.StateRepository.dllMD5=8F4457905D80A520C684CA48F807C268,SHA256=623299C57C3148EB7B8EE0FE22F2E8A4C7A41712A87D43074E56643BEB84C06A,IMPHASH=A28EA9ED587BD4511849B7BB44021022trueMicrosoft WindowsValid 734700x800000000000000075942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.154{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\Windows.ApplicationModel.Background.TimeBroker.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Background Time Broker API ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.ApplicationModel.Background.TimeBroker.dllMD5=F207D5F13B4BAA9B019069417D8EBBAF,SHA256=3CD84A59971EBE4F15D80C3AC601F5909F659460C7E7044052738473A5B60A5C,IMPHASH=4C27BF49B65386EF2EC96A3494DD1C13trueMicrosoft WindowsValid 734700x800000000000000075941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.139{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\Windows.ApplicationModel.Background.SystemEventsBroker.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Background System Events Broker API ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.ApplicationModel.Background.SystemEventsBroker.dllMD5=CA9C668C4CA98136A8BF861A6851E6F2,SHA256=8EFA4C1034B0743638D99D6897B98C86E8A1AAB798AF390A0CB343E32055DC55,IMPHASH=8F369C84E30D6D0A93B10A043079A52BtrueMicrosoft WindowsValid 734700x800000000000000075940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.139{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBF,IMPHASH=BB80FB0B79AB68B9AA174726B09C8CE9trueMicrosoft WindowsValid 734700x800000000000000075939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.123{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\AppContracts.dll10.0.14393.4169 (rs1_release.210107-1130)Windows AppContracts API ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationAppContracts.dllMD5=0C7233FBE28B3282F0F10864AED43B11,SHA256=9ED9DD27915352576A4D29120A01FAB62044BA0FD6AC1B49D7A9692CB398F53C,IMPHASH=42FDA8D71EDB03006B7F684F5C1BA1E8trueMicrosoft WindowsValid 734700x800000000000000075938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.070{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\AppContracts.dll10.0.14393.4169 (rs1_release.210107-1130)Windows AppContracts API ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationAppContracts.dllMD5=0C7233FBE28B3282F0F10864AED43B11,SHA256=9ED9DD27915352576A4D29120A01FAB62044BA0FD6AC1B49D7A9692CB398F53C,IMPHASH=42FDA8D71EDB03006B7F684F5C1BA1E8trueMicrosoft WindowsValid 734700x800000000000000075937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.055{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\threadpoolwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows WinRT ThreadpoolMicrosoft® Windows® Operating SystemMicrosoft Corporationthreadpoolwinrt.dllMD5=4D271D6FA08E19B78A99F948FB012F44,SHA256=92D9A5BC0F95FDE6BA83D17925122815BDF3803D949112852C3D97CFBA16D219,IMPHASH=0E03F54121A53AD6BC839C0721A3CECCtrueMicrosoft WindowsValid 734700x800000000000000075936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.039{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\cabinet.dll5.00 (rs1_release.160715-1616)Microsoft® Cabinet File APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcabinet.dllMD5=08A4A2712DB2AE10E483FB74E46B0E73,SHA256=EEB32E3E4256CC9935227ACD5BA576B75F1F6FE3C818D2127513CB22F823FECB,IMPHASH=536E202FBC448C2C3B40D60D87620951trueMicrosoft WindowsValid 734700x800000000000000075935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.039{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000075934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.039{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000075933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.039{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000075932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:36.039{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\System32\backgroundTaskHost.exeC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll-----MD5=3FB73B06A20752649DF87465890A2B41,SHA256=04B08005595D4508F1CFD256090C5C3B80068314F7ED952EA2553F0693C80218,IMPHASH=797D69ED46778C57C35FA53803AABB8DtrueMicrosoft WindowsValid 23542300x800000000000000075970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:37.606{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76B3290ED7CE59FD96884D8053A9F17C,SHA256=429D1127A1E0811FF2E78C29F1094EC0C4E38EA223EC82D382D8E1EA77D55ADA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032593Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:35.551{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51596-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032592Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:37.044{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF6D71035683E0CAA2AA9DC811EA1912,SHA256=A8256226F46B1124DD1880DCE3482121BB8B62AA8246C1183644D4805EDA4C48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:38.606{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A42800923BEFA12288C15C0D00398A3E,SHA256=3A95FE42153E26D7E39E9625082E074AE5CD448CE6EBBF68462D9C9E2E38B99A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032594Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:38.060{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E94DA3F93F42C39BDBD52528F7805EF9,SHA256=657C1195DC2D3EC02EEEF3F86F8AE4BBAC181B260CE5BB3CFC96ED5399968775,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000075973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:38.357{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63401-false10.0.1.12-8000- 23542300x800000000000000075972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:39.621{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99483CE79A9C178D779EB705CE0F4CC1,SHA256=731B18114AD0298160F9678445A598B83CEFF8BCC6E2EA38C2091CA247EA8611,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032595Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:39.075{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D65A7882E093713B2AB4A23F585A9A95,SHA256=00491C0FB2A12519CC5690D58DC18F6F09C53B9833A38787C042B5DC35018953,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:40.667{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D830C1269B79F74A35B1BF5B06A11650,SHA256=CD7EC31C1488E1F3C6E2A716D207648464B01D41F87BBFA7492BBE543EBCB462,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032596Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:40.091{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FC798F87AFF5DD0FE7786EEA27835B9,SHA256=1E75161B6FB81AEA142046CA6C0A073A7959557F87B4E97EF9BD60C05B97272B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.689{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F090BE6F2D03D1E37DC71524AE3663C,SHA256=BFEC9391989252964CF34502D83A6894CF14CB33AF61A7A93A7053F056475EB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032597Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:41.106{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38F849DF763672FEC6AF5584B8A2B78B,SHA256=2E2E6219643805F45685389005AD335A7ACEC0712D966A4E10151951FDA0FDA0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.667{8057F119-21BD-60EC-4307-00000000DB01}25567160C:\Windows\System32\RuntimeBroker.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+a1970|C:\Windows\System32\windows.storage.dll+59c7f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 10341000x800000000000000075988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.667{8057F119-21BD-60EC-4407-00000000DB01}42449892C:\Windows\system32\sihost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\twinui.appcore.dll+684b|C:\Windows\System32\twinui.appcore.dll+756d|C:\Windows\system32\activationmanager.dll+b93d|C:\Windows\System32\twinui.appcore.dll+3df1|C:\Windows\SYSTEM32\twinapi.appcore.dll+2accd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.667{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|c:\windows\system32\bisrv.dll+1d9ff|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000075986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.651{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.651{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.651{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.651{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.651{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.651{8057F119-08A1-60EC-0C00-00000000DB01}8408984C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.651{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.651{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.651{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.651{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.651{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:41.651{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 23542300x800000000000000075991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:42.704{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6C6DF04793EDED13BAD85ADF0AD8932,SHA256=5E9DC1A918A4E59AC085A92C740B0C74815CE1C4CB8FCCD2F87B88FA2FCD5611,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032598Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:42.122{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7959AA244E9F25F6FDEC385AA13D2A8,SHA256=F1FE6B3D9E19BCA752C1E7E332348CA1BB0E13E7387E78588AA2FE6C0067D112,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:43.985{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-phish-proto.metadataMD5=E3F741C1169D94ADDB054772C92433EE,SHA256=B0C440E8DA8B80986BE51DB3C9CE8F8993FD687E4FF7360D1A59E847520D0F4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:43.926{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-phish-proto-1.vlpsetMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:43.724{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10DD49C75BEE40C641357893AEB89129,SHA256=C5F8FEB608B769E9878EC5DE2D4E5FD3719A1A61638C5378FA5BFACD3B17CE0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032599Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:43.138{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63114D245FB90FE025D4CEDE88545CE5,SHA256=E6DC6EA88B72558D390179F7B5E714BC3C1722CA9A378DFCDA77C5EFC89C44A6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000075993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:42.642{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60204- 354300x800000000000000075992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:42.640{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61955- 23542300x800000000000000076051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.930{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000076050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:43.357{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63403-false10.0.1.12-8000- 354300x800000000000000076049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:42.643{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63402-false142.250.74.202fra24s02-in-f10.1e100.net443https 23542300x800000000000000032601Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:44.278{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01820DA3CB0F0466FAF4F002A5F6C36B,SHA256=E6F718787DDD83B3A60258B75B5A9F8A7ECFDC0F30DF2C044A9E334249B1A87F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.415{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\social-tracking-protection-twitter-digest256.vlpsetMD5=4389884605AD56EC50BF27FBD4CFB473,SHA256=60B552CBA048738FE850BA958CDDF9B742B6FAA7519F455D4B39437734725990,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.400{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\social-tracking-protection-twitter-digest256.sbstoreMD5=3F92B621E1581AD764BE2EC57381AF23,SHA256=18FBBA6D350213F61DF718195FD2B38A3B8344D0A5C22C2713E6F8944E9A9DD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.400{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\social-tracking-protection-linkedin-digest256.vlpsetMD5=8D76E0D31A687AE5A730C71C052C68E8,SHA256=6747A2FB92023CBF27E345AAC38B2BA7695A7DC5E9A42BD793D0CF6DAEAED260,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.400{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\social-tracking-protection-linkedin-digest256.sbstoreMD5=DC7308A91A03C92D7329F37F15C7AC82,SHA256=180DDE904FFF036ABD4045A52850200ACA369E4577E14E0675E5298855A6AA0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.400{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\social-tracking-protection-facebook-digest256.vlpsetMD5=54971F1ADD787A9676F9DEFAB4C7FE3F,SHA256=FD890E3920CDFB62C1089C6119A8F8B713F81BDDAF7BEC925AFB4BDFB32AF5E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.400{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\social-tracking-protection-facebook-digest256.sbstoreMD5=0A19E4A237D65FF069452EF5201F217E,SHA256=AC5D43328F28E2B1159D014197F58D987C2AB78C9179DCD924524353571FA604,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.400{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\social-track-digest256.vlpsetMD5=D95F203FEE1C8FAE222EF4C6D410971B,SHA256=1CA57763647104AEF83C8A86E8366FBBEE4BAA88C900C7AF66F437720319CEAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.400{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\social-track-digest256.sbstoreMD5=C0FE3CB314FDF424A4D4F1DE2801A4DF,SHA256=C4CA8CE5B3B8D038E3348887BDA7634D1949325BB95A68D17184D2A99F37E810,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.400{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\mozstd-trackwhite-digest256.vlpsetMD5=8F1AF05E946BCD9711A1CDE1B1ED6C95,SHA256=0F5C8864E17307F3C8CE1D35AC4770D0C1C34F8CDB3FC7404F2114B4E0FD93BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.400{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\mozstd-trackwhite-digest256.sbstoreMD5=B91E9842F81EE5668B68C0B5B561010A,SHA256=19F7DFB5FC8E587C8D48DC8A779B07E1C11CCD772A7B68025146FF0A335B54CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.400{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\mozplugin-block-digest256.vlpsetMD5=FCC9C2C9B611A3264B68EBE180EB4248,SHA256=6ECD378A537EEFE350B45CFA353741383F407D99D776BF23155A7825DC5DD2BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.400{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\mozplugin-block-digest256.sbstoreMD5=519BEB1B01FC355BB388F1F75BE997FD,SHA256=FFE2D3077B81AE6F51B220C1C661B276C823FA67DAD1D64FC5F17249FC54BDC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.384{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-unwanted-proto.vlpsetMD5=426E19544B2D86FC0B8206D3262F9D86,SHA256=37372FB2AEDF539572AB3766BDCACAF60644200D4E32B6A01427CB7E2D195B06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.384{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-unwanted-proto.metadataMD5=EB7AF9FEF582FD3F6C2AEE109924726C,SHA256=0F6818C50DB6082D42E860C29C0CF34E77FFF9105B43895B1EA4E0ED5004AFA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.384{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-phish-proto.vlpsetMD5=43BB838052B04B4E3741C93E46DE001D,SHA256=21A1A64EEB6C2FFBDFEF043C088DB953709FDBD144EFE51059C2285372F04056,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.299{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-phish-proto.metadataMD5=E3F741C1169D94ADDB054772C92433EE,SHA256=B0C440E8DA8B80986BE51DB3C9CE8F8993FD687E4FF7360D1A59E847520D0F4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.299{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-malware-proto.vlpsetMD5=3C7FED95E72EB63128F0A343D3DEA46A,SHA256=7C57AB1CF8170A88D4979ABDABDC79CFD87200EE9E1D3EEB58B93037D03C9975,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.299{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-malware-proto.metadataMD5=0E5F05EBC2AECDF702E8B2F04D4BF61E,SHA256=3B78AE0403780DA3476D3A9EC94D6C7044E7AC3B3C42122988776109296A21FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.299{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-downloadwhite-proto.vlpsetMD5=EA86E0097B81FDBDEE3F12AC90CA6410,SHA256=6A242B62530E38DDCFD272643F6CC44EDC0208C69DC3022D6CC273F4C7E79AF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.299{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-downloadwhite-proto.metadataMD5=F65ED2309BEEB639968C7622DE89B138,SHA256=E416140EA8A4E8046BB7D347051AFFF456D6A8CB347F4310EB0DC669350B6CCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.299{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-badbinurl-proto.vlpsetMD5=5C7E35839448B6B48C7CB0BB2EABF016,SHA256=FE562E54CE51AEC9F692C0256562FD6497A0EFC81F6FC40CF65F43314A5353C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.284{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-badbinurl-proto.metadataMD5=B7041239E2F457951F4FA4F1ACA2CE62,SHA256=4F4EF25B0D5AA01712CCF71F1341B76E409D3301DDB438B31B3B38D88D94E050,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.284{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google-trackwhite-digest256.vlpsetMD5=E54E5B84194EEE15E64D2A03F1136BB7,SHA256=07707B589BE3DBA3BB0BDAC67760A2B180EA3531E9D7976B73E4C1D8DF9DBB1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.262{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google-trackwhite-digest256.sbstoreMD5=5A35E65CADA1885B6796D1B3FE56E5F8,SHA256=35A1BF0FF6DD2B70DA5F89611891D413808DDE1510D03D788FF48A214AFA7CDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.262{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\except-flashsubdoc-digest256.vlpsetMD5=0C0D67875BD75A0227C02DD8529BA01A,SHA256=614BE0169EC36E67223EB9645A98DA66DBFDE5DFBB89BB064F428AAEABDD9D97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.262{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\except-flashsubdoc-digest256.sbstoreMD5=22698B4CF784DBBAE2D583F00491D43D,SHA256=3849563088AE0677D61702A1310FDE26DE5DDD846D53037222D3EFE012197BF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.262{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\except-flashallow-digest256.vlpsetMD5=7194B6BFF691A056852A51E2E06CE8FE,SHA256=CBE2DC6ABFE25BEAD60F4DFAF419FC0F441FF8A8DD4A2FEBF5553BE1CBD90C49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\except-flashallow-digest256.sbstoreMD5=DD0458514C9A922B45DA6A8BEBE47320,SHA256=D27D5B27030F4725249377951BEB89E84A90A0E8241F0D5FD80EA59C1606E761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\except-flash-digest256.vlpsetMD5=C2994D388F8780C87D35C352D9582985,SHA256=7ED09F7D2BD632F70077A4AE4F2BD2F3FB654B03CD72652F51678B0C7D027F25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\except-flash-digest256.sbstoreMD5=D5D6B4D59B4AE4E2DE4B40D0DA083571,SHA256=000E3A78C72A210CA3B5417A3CDD294FBCE2A31661601C9D594C75CF2800571C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.232{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\content-track-digest256.vlpsetMD5=E72E6B0165636DAE364CC43097FCD4E9,SHA256=3FE594D286D351B102E94676FD8A91B8FA0B3FDDD151336DDCE8C9BA2CFCFB50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.232{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\content-track-digest256.sbstoreMD5=318288F5909637E0C3285C0942D72FF4,SHA256=F2BB9D40F7237C0E6D8EA96DFA2E864BD1264EB191C52BDBF16488D9466BC300,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.232{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\block-flashsubdoc-digest256.vlpsetMD5=40165280FF1345B5241EC2A9D1DA2AF0,SHA256=F80BDD5341D8B1EE946E344E258EF2D35C3C0BB6B13EB7B3E6A77467DFA8B97F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.232{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\block-flashsubdoc-digest256.sbstoreMD5=B9556D03AFF392142AD5691D2F867310,SHA256=CFD3909B41C1EE3CBCB8B7D2B1378065E7D3B543FFF1F2FB7A4F25C5FF41722C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.232{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\block-flash-digest256.vlpsetMD5=130B9AC2BEEC5ADA274561105D81AE36,SHA256=7D99FEC08182A5B95D18D1569EDAA2C60C2AAFBD15A56D8882F22F3B395E6460,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.232{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\block-flash-digest256.sbstoreMD5=9F6B331AA1E070DCFEED473E76CE56C3,SHA256=7DBBEA2DD387EEB85E1F56E02FC9989ACDE570CD43BFEF2C2A827093BA87DA6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.232{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\base-fingerprinting-track-digest256.vlpsetMD5=F7A173C65979416711FAFF47FADFBB44,SHA256=7F018CC32CF471750B6C5322E27E4F1C38097C414E7C6DC6AF9CF31E607431A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.232{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\base-fingerprinting-track-digest256.sbstoreMD5=5C71167AC9642FCF7752093F77FBBC89,SHA256=6714F7FBADCCB013DA1D8ECEFA6368A7D193E1F2460477F8AC304EDCF8637AA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.216{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\base-cryptomining-track-digest256.vlpsetMD5=BFED06667174B0D03EE7F88A3DDC9A8C,SHA256=7AE5584755089D28C3A52DCF1EB86E62D4F2E377D61A7D549C6D4EBD53F39B26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.216{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\base-cryptomining-track-digest256.sbstoreMD5=E6AAB64DC2799B4ECC6A6D18F86BD283,SHA256=D72FA31B50E9164371C5B7A3CCA257B99CE12D900FB07DEF942361D76299F5FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.216{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\analytics-track-digest256.vlpsetMD5=16E5F327975AC215E9EFA4A4FC5262F5,SHA256=4698D628493E91E42494C8343B7E6469DFC1BFB1F771258C2FB556E84EF314B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.216{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\analytics-track-digest256.sbstoreMD5=C3757E7620737B3B6500073B370852FE,SHA256=34B07244F673343E9AC1C775B455C0A60AA95439E83A70B0C6A24E504A88F4B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.216{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\allow-flashallow-digest256.vlpsetMD5=DE0D88480C24350C59E1E9A3583DE0D1,SHA256=01BA9F0B913E04ED10BD7166796483DD4F72005F249D6EE68B12117BE4B5D3C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.216{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\allow-flashallow-digest256.sbstoreMD5=DD0458514C9A922B45DA6A8BEBE47320,SHA256=D27D5B27030F4725249377951BEB89E84A90A0E8241F0D5FD80EA59C1606E761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.216{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\ads-track-digest256.vlpsetMD5=8D9E3EEEE577DCE4B0062413A081F9F2,SHA256=D0E3356B67A0BB9BD101D87FA6E23EC2699CC8A25564CD88076663DACF73A9CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.216{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\ads-track-digest256.sbstoreMD5=2CC22CF356532158115AB8A0851A9A80,SHA256=6B106FD00C6E27909C9779448E5BDA5FFB96FE2A6FF42636A662AB411D9906DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.200{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-badbinurl-proto.metadataMD5=B7041239E2F457951F4FA4F1ACA2CE62,SHA256=4F4EF25B0D5AA01712CCF71F1341B76E409D3301DDB438B31B3B38D88D94E050,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.184{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-badbinurl-proto-1.vlpsetMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.031{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-unwanted-proto.metadataMD5=EB7AF9FEF582FD3F6C2AEE109924726C,SHA256=0F6818C50DB6082D42E860C29C0CF34E77FFF9105B43895B1EA4E0ED5004AFA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.031{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-unwanted-proto-1.vlpsetMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.016{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-malware-proto.metadataMD5=0E5F05EBC2AECDF702E8B2F04D4BF61E,SHA256=3B78AE0403780DA3476D3A9EC94D6C7044E7AC3B3C42122988776109296A21FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:44.000{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Local\Mozilla\Firefox\Profiles\ugslyq49.default-release\safebrowsing-updating\google4\goog-malware-proto-1.vlpsetMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032600Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:41.411{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51597-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000076053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:45.765{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50A3859DE4B4F0257A5B5906E1AD570B,SHA256=FD5662052BBBF06797E0C0AEC302466BFBD76C36849CE3503DDE8BA2DA92D400,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032602Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:45.310{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41B34A6594178446C89D360EF93A3C56,SHA256=0EA3A9A094EE1C804B1AC113A1CAF59D94BBF1305D43F35070B1DD2D15076F46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:45.131{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3972F154F767331F643DF26D976CB971,SHA256=021207F3929738BB1AB3A7672835D336A01EAD9B6DFC6DD24F0276B16D747812,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.775{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0,IMPHASH=60006258D4DE87B31BEDA805A8CC8040trueMicrosoft WindowsValid 10341000x800000000000000076104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.589{8057F119-3019-60EC-110A-00000000DB01}862810012C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.589{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000076102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.573{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000076101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.305{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000076100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.289{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000076099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.289{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000076098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.289{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000076097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.274{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000076096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.274{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000076095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.274{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000076094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.274{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000076093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.274{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000076092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.274{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000076091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.258{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000076090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.258{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000076089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.243{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000076088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.243{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000076087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.243{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000076086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.243{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000076085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.243{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000076084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.243{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000076083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000076082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000076081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000076080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000076079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000076078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000076077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000076076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000076075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000076074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000076073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000076072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000076071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000076070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.227{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000076069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.216{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000076068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.216{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 10341000x800000000000000076067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.215{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.215{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000076065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.215{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.215{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000076063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.214{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.212{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000076061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.211{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000076060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.210{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.210{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000076058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.208{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.208{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.208{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.208{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:45.935{8057F119-3019-60EC-110A-00000000DB01}8628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032603Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:46.372{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A8888C6A6A2BA7972BF9CCF2F9A755E,SHA256=6F1240A8734593AA3C01B8BBC609CD76610A394A294097AA6D72684C869AE687,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032604Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:47.403{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47EE066E3B6579687E2C2D72219F40E4,SHA256=367E0237BB9F55E67FF7C94E33B3B43A6A18907C06EA4457A2B6A0FDB214B7A5,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000076170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.976{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.976{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.976{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.976{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.976{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.976{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.777{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000076163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.576{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FED68884E0F7A2B5CCAAE6BF582160EA,SHA256=56B99EDF804BF268F9418C789E318ADB9CB65CF450599BF197E4DA8098ED2CCA,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.421{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000076161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.419{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000076160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.418{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000076159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.354{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CDAF2C86EC949C63EE1B18954905BB9E,SHA256=FD3AD3F9BE03D61517F78A1ECC072598314179DCC00BE9C267B07E049CC9F840,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.353{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=112E4CA3B0E098E597D6B7B41C29F67B,SHA256=96C790A2D57986163FEE652D7F993917BEC4DC7DD5B70F31D7F067E9423BD587,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.112{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000076156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.112{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000076155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.112{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000076154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.112{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000076153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.112{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000076152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.112{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000076151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.112{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000076150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.112{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000076149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000076148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000076147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000076146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000076145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000076144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000076143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000076142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000076141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000076140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000076139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000076138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000076137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000076136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000076135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000076134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000076133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000076132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000076131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000076130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000076129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000076128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000076127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000076125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000076124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.096{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000076123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000076122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000076121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000076120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000076119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000076118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000076117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000076115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000076114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000076112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.081{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:46.882{8057F119-301A-60EC-120A-00000000DB01}640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032605Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:48.403{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=441D38E43050AD701EEDAD4A1DBB6463,SHA256=F747B73424941B405782C1068EDDF4E05383D830728B960899D9C496A0E7883D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.791{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CDAF2C86EC949C63EE1B18954905BB9E,SHA256=FD3AD3F9BE03D61517F78A1ECC072598314179DCC00BE9C267B07E049CC9F840,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.291{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000076215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.291{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000076214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.291{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000076213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.245{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5E1655E47F4561C12F62F1C9BC077D4,SHA256=E6AABED7F06716177D1242F968626234D96D74FD5A5C6C479578FA3B5B759553,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.192{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC754F9088738240F0682BCAA8858BEA,SHA256=5DB7D599A5B0EC079892ECBD754C09622F8BDE9DA32E2F5B880EC0A3BFC9A9D3,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.007{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000076210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.007{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000076209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.007{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000076208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.007{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000076207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.007{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000076206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.007{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000076205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.007{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000076204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:48.007{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000076203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000076202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000076201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000076200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000076199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000076198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000076197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000076196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000076195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000076194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000076193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000076192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000076191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000076190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000076189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000076187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000076186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000076185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000076184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000076183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000076182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000076181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000076180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000076179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000076178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000076177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000076176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000076175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000076173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000076172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:47.992{8057F119-301B-60EC-130A-00000000DB01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 23542300x800000000000000032607Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:49.419{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6F354DEBEEF6DEE4B9DFD507100CCB8,SHA256=7AF2822282C58A47DFB74ED140AB8D06AAEF20F4D2AAE02920E16738D0139AE7,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.912{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000076268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.910{8057F119-301D-60EC-140A-00000000DB01}63006176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.910{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000076266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.909{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000076265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.622{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000076264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.620{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000076263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.620{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000076262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.616{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000076261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.616{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000076260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.616{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000076259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.616{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000076258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.615{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000076257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.594{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000076256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.593{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000076255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.592{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000076254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.592{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000076253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.591{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000076252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.591{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000076251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.590{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.590{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000076249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.589{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000076248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.589{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000076247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.589{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000076246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.588{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000076245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.588{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000076244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.588{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000076243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.587{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000076242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.587{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000076241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.587{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000076240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.587{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000076239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.587{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000076238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.585{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000076237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.585{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000076236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.582{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000076235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.581{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000076234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.581{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000076233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.581{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000076232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.580{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000076231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.580{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000076230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.577{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.576{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000076228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.576{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000076227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.574{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000076226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.573{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.574{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000076224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.573{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.572{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.571{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.571{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.571{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.377{8057F119-301D-60EC-140A-00000000DB01}6300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000076218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.207{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23C0D3B58319A2EAC224ABD8E1DCBC27,SHA256=4DA1779802C2336D47C8455F2B259F49D26DF4190CCE96A397E7A992E109231C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032606Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:46.457{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51598-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032608Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:50.466{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D318B085DC546F2AB745641ACC3A383D,SHA256=8E5DD2A122C70762F1532A24029DD0B3C17725D6FDF78107A156723304DA621C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000076326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.882{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63405-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000076325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.882{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63405-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000076324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:49.258{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63404-false10.0.1.12-8000- 23542300x800000000000000076323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.678{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=045F7C1BACCA276DE61E1BBAAA7DFD75,SHA256=91F15D5C77F60F5FB0055761A543976EBDF1235026B0F928E247FF502B3EF7CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.678{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=411FFBE7AE15E575C101823CA63839BD,SHA256=1E0E073E8534B5E62EA9C76A09436A43F31AF054C5FFB228117EA07E000FBC3C,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.647{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000076320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.647{8057F119-301E-60EC-150A-00000000DB01}84043580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.647{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000076318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.631{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000076317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.431{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000076316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.431{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000076315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.431{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000076314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.431{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000076313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000076312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000076311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000076310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000076309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000076308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000076307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000076306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000076305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000076304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000076303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000076302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000076301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000076300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000076298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000076297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000076296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000076295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000076294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000076293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000076292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000076291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000076290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000076289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000076288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000076287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000076286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000076285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000076284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000076283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.416{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000076282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.415{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000076281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.415{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.414{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000076279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.414{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000076278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.413{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.413{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000076276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.413{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.413{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.412{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.411{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.411{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.411{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.264{8057F119-301E-60EC-150A-00000000DB01}8404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000076383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.570{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\bobtcptruefalse10.0.1.14win-dc-89.attackrange.local63406-false52.38.70.232ec2-52-38-70-232.us-west-2.compute.amazonaws.com443https 354300x800000000000000076382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.433{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local64341- 354300x800000000000000076381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.433{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63272- 354300x800000000000000076380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.419{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54316- 23542300x800000000000000076379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.613{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=165D121CC4D9FD9BE8160453311310EF,SHA256=D765F75C7DC62A5FD47405384C1ED4C5F13728852DA379F20B7A6FA23388C7A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032609Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:51.481{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=910370D29895F76525EEC5EABC370760,SHA256=524F6996420022F5A54641E10F6C71C0480DBF424F50ED91382348ABE42F78BA,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.362{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000076377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.362{8057F119-301F-60EC-160A-00000000DB01}30849944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.362{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000076375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.362{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000076374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.277{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A1CFBC4FBB2B1730BD1AFA7D6D470CC,SHA256=C6B6C6704665A8279D7506575B9885A882E44298DC0D067F67926F65B7575538,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.162{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000076372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.162{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000076371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.162{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000076370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.162{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000076369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.162{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000076368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.162{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000076367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.162{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000076366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.162{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000076365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000076364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000076363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000076362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000076361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000076360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000076359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000076358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000076357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000076356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000076355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000076353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000076352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000076351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000076350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000076349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000076348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000076347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000076346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000076345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000076344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000076343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000076342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000076341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000076340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000076339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000076338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000076336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000076335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000076333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.146{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.147{8057F119-301F-60EC-160A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x800000000000000076386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:50.303{8057F119-21D0-60EC-6307-00000000DB01}7172pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com054.184.190.181;52.40.184.35;35.155.6.125;44.235.28.153;34.215.151.143;52.42.129.205;52.43.155.197;52.38.70.232;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000076385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:52.631{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=857665799F7A34DA7D3850617FA6D91F,SHA256=42CCFBBA04F10EA1237EA699650DB6D1D5FBC11905AED72FF14611A89AB59A21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032610Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:52.497{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5A787E8059C3478E22576A9B0BEECC1,SHA256=E6A934664DAC4A08B754DFE5C1F1C73FF5CB04E863179D8220C0EA7A8BC8E2F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:52.147{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0123E9C60725FC2C762CB427C6DFB395,SHA256=919F754DCE870D6702E5ADBF780A9EA41C280751EA9D83ED0E6FCDEA7AADE766,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032611Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:53.548{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20B08079DBAE3E501E2A8E1B932C5570,SHA256=9FC7F731D1EAC856610BD424C5D049278CC30E277348F846C5B0AAC840DC176A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000076438Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:51.868{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local60577- 734700x800000000000000076437Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.724{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000076436Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.723{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000076435Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.719{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000076434Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.431{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000076433Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.431{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000076432Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.431{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000076431Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.431{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000076430Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.431{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000076429Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.431{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000076428Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.431{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000076427Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000076426Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000076425Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000076424Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000076423Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000076422Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000076421Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000076420Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000076419Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000076418Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000076417Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000076416Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000076415Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000076414Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000076413Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000076412Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000076411Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000076410Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000076409Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000076408Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000076407Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000076406Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000076405Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000076404Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000076403Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000076402Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000076401Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000076400Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076399Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.415{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000076398Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.414{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076397Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.413{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000076396Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.413{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000076395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.409{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.409{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000076393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.393{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.393{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.393{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.393{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.393{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.393{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:53.163{8057F119-3021-60EC-170A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032613Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:54.611{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1586EEA75269FA4CA65303DA65BB713A,SHA256=40397CD19DA132519BFBCF7C8EC0ED6B31908AB09A4BDE8071FCBFD922E64E0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076441Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:54.751{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E3C9002BA0D6A47335035B7DC5B613C,SHA256=ADFDA81AF7976A9E45CF6592D4A9F70F64EC3302543675011A8A1FD0B37824B9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032612Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:51.567{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51599-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000076440Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:54.183{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3826CF3C172FCE178A6D7EC8D28FA76D,SHA256=83697930302B8169BEDA0E5FBE21F4817FECE666E52FED352E4B86EDB552AA21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076439Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:54.032{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B053AB429E3E9D70084798886A01B8E5,SHA256=DCE2BEA6BD904C675AF1C1C632698B009A1E467809F1ABF6A0DE5F636FF96747,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032614Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:55.642{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B6E6794EDC616B0CBC8B01762A3F71B,SHA256=904AF2AD20741054AA4CF5626BD053789C44594F434A5C5D89294D51C3AD5121,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076442Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:55.781{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1DCC0789072FABC679F22A2886760FD,SHA256=3A39FAD0264D291AE59933EAB2227B5747017C3EEF1F22A4A7ADCA66DBDBE182,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000076444Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:55.218{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63407-false10.0.1.12-8000- 23542300x800000000000000076443Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:56.812{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4A0DFD9A0330A3AEB114062115C4CC5,SHA256=50E72130DDD43FC5BFCB7863683A22ACA2779A51C6776600EA98A55FC66E09DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032615Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:56.673{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1CF778D5E26EA23E43E99DECC8912F51,SHA256=C4EE8764BC3AA6B65F57214AA382068FBA750F3FE5289B95CC09484333AD8E09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032616Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:57.705{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F24B3E735D4AB6D8355900D1E7831FD,SHA256=2A52D20CBCF1A72C951A539F82D0D2C50FC9434BFF6A152D9FCEC4A739E93383,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076445Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:57.829{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75FFCB4BECF7BC719F37035B036D93F3,SHA256=656370D678090E36CD35BAEA8D99465BAA143AFDB5054607F3F97797523EE38E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032617Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:58.939{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5DB38735D990366CA63D19AF3B99139,SHA256=A67F8C3EDE8BD6FA6C4945A412248B0E8F80E6C2F13DB0581797465F7AE4B719,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076446Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:58.849{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98B611ADC71F1B2A74ECB76AEA1C464C,SHA256=B07E9F45730AA0A5C4D514055596010F584978FE9DEC7E842EC9235770E541B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076458Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:59.864{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCE873FF52EBD5B00731AB5004864B53,SHA256=4F89A2F85A53E07911EE155E745929ABE73422A37FFE45C3485CDB0F4622DAB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076457Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:59.565{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=3471B870363B83A1787DEF63641618C6,SHA256=C4882F127C0E165FCFFD5B8BED2762D9FB41699BE76E4662DC7DD79CC2463AE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076456Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:59.549{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=2AE5D0699E08916C06B0BD70D567BF14,SHA256=603EF1067B011701DAB5424D08815567A15C76CFC8655CA9753DBD70BFA5F3D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076455Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:59.549{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E5A3922C4185590337C5DCAFF5FD2355,SHA256=84862456C51E19232B41DFAE74B796228F7E0D9532B347D0FB606346859E05C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076454Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:59.549{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=73FBC377B6C6357C5CC5EF6B1DF12769,SHA256=B567054A6D9E1FF0F0D656AAF90DB94FAA8BA7F276021B4659C4449B89317BFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076453Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:59.549{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E56D7C5AC0775C009B505096E963D928,SHA256=CAED9746EDBADCDCB3EC1CD7B03DF886437B6D58617BED50ADDA99597501F825,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076452Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:59.549{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=938A18C78166663C42642E2366CC1FF8,SHA256=7C2C022ED0A1252D4A6239077C723DBDAFC7BACE7999EA3ECB9E3577AEC34E25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076451Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:59.549{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=123F71E0D2B1456E434A65D2A2E201CE,SHA256=DAE154E9C43220ED5E3E133DA6412B1707C4AEACC8E93D63CC9E5900B7F993DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076450Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:59.549{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=CA7B283529B10695F620CE6CE6FB4709,SHA256=5A5D22A1BB0CF16A316843804C5C850E842D36618EB71B39BBCF10FE84179140,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076449Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:59.549{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5F3D841310640E2D51780CE2349C4739,SHA256=0A6A872B2AC554BFFE21877483695B0271CCD9A2D97BCE2B20CEE31E42045C04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076448Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:59.549{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B11A2383CD4126962E113897CFA171C5,SHA256=9BB5C540E4EBD7325D00220958C32895FECC457DCA2124B933379324C03098D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076447Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:05:59.549{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=D477276FE02E6D3E03522F3200FAF390,SHA256=9D4080B0CE23A9949B037ED0077B658A68286FC12363910C11D05049216EFD41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076459Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:00.894{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5D4761654CDBFA65BBB7F8E250D8529,SHA256=A944D702CF14BA0601A0FDCD9BB830E03F559F8A9905D79F74701804B3BB7CAD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032619Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:05:57.602{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51600-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032618Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:00.126{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6D74EBCC4AD93C39EA16621E11C8791,SHA256=B832C3B9E043EA121DF0828327535CA91D89193722B70C8313691B9AD6B0C52A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076460Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:01.909{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60D1BFAC7815C4DB4884898790FE1AE8,SHA256=163AB24CBBC57BA85D3176DEDE518C97F280DF95E135D0C33003C133D251E4FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032620Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:01.345{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1680B915C8C6877CD85F1B5F9DFB7C95,SHA256=4AEBD58BB75FA790CFA24A7BB0251E77B7A6826B53542A0CBF7E16C0DCD6ED8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076461Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:02.926{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B08FB52FB7A40F02E69D38D24C45DB6,SHA256=71164403B677D420F4380381E2D146ADF1CA99569A2C0E25F3479B388CE69B65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032621Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:02.423{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E0D3DA4B66277281AB740BE14F97C13,SHA256=D440DCE6A457011D33BF3DC85FE8325C1E9DA17CBD9937295FC78FFB9FA67E85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076463Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:03.961{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49D930492250395F290FF353F461A115,SHA256=4B1BBA1E2EE1FADECE2D27D89E30871CF6346494DE3468562374CDADA90D259F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032623Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:03.439{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFD67C2FDCE2F5910A1969CF8EDA19A4,SHA256=287D041EDB32D3FA50B85EC40CDF1B482C95FFE4253F7A4CBA90C96E5328DCE6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000076462Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:01.183{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63408-false10.0.1.12-8000- 23542300x800000000000000032622Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:03.142{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076475Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:04.976{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A48F617E49576897B5F620964739E656,SHA256=D23DBB33AABE6F59DFA5F9A3BFDE31A591B68D1D4FE5264A8710B480BCC6EC65,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032625Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:02.493{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51601-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000032624Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:04.567{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30CE3B4BB872DB1994B85F0AE35406A3,SHA256=7883C4020297250B19A4D70B90AC272D2CCF45869542C02AD8606B96C01A3109,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076474Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:04.576{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=2D4341D553F3FD693FED322E06046EE2,SHA256=A84C3A568A6CF6AF83CC2BD606CED9FB78A893AA94F2940A9906C2CE0DC68C3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076473Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:04.561{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E9ED9425BF15F0FD4DD73DC3D28A2F5D,SHA256=CE4E3055BDBD924E601DD0B7B266A5E07C749FABB080FDEF06E281D9FED67302,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076472Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:04.561{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=53120AF4BCD8A2941BDFC6ECF33A4B0F,SHA256=2F94A1B808CD5B8A4156D922F92E5321ECFC1A70DAB904FC661F808E41DA9233,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076471Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:04.561{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=72F7CEF1AFBECF87AB7C52DA719F6B3E,SHA256=52D305B886D30F00E405CCA59D9F1A796807FD67326BBA82AEE183D25BA4A117,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076470Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:04.561{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=85112B0C76BCA7CC9C5C3B9F3FDB2E8E,SHA256=EA7636DFC17866356BEED235BAA2760E106A7BC486E2F4BC1CB97332896A6EC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076469Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:04.561{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=2EC54DD8A5300E0A8D9AA311FF9CA39A,SHA256=47032694021735C9F089A86C63746F6BC84FD48101E5A2CFA0F71869CF854E8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076468Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:04.561{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=60E5DAC52FA5EC0D8D04B927FA392131,SHA256=AE26AC2C591E623BF9D123E9EE38E4706F259D260C074ED2F0EA0C725F97BDBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076467Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:04.561{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=4F004D7A9158A3BDE02E61ED1883DA19,SHA256=76018D8CCA7566817345604AD2C21D3C786607145EE9843D6CAE82CE578CA72A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076466Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:04.561{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=52AAD4F73CD304AFA914E8F92D0B087B,SHA256=C42C3E62119DA41C13369A59ED2DF1A4C34A9955F8EC301B9C118FF908B46F23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076465Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:04.561{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=D564CEFC46389A5AE990A52D36B461F6,SHA256=5A728FEB849E95BD20B7BF99D744E4084168B4F119DF9250424746C6434AA3C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076464Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:04.561{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=CBF63FD9669916E24D5E9C00E4DE74FE,SHA256=3EF72B17AAC2085F9DEB82EA6E0A14FE50C52C9DCE524DC89A5E73F8E3A16DA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076476Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:05.991{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48EE77CCD35FBAD7F7A1D2CD280B239F,SHA256=C2F1010774ACB554B2B2F21B8CAA527FF4A320196AD77C824BA0951FDD64DC02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032626Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:05.585{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F3C17F35A6BEFA35A4B6DCE7B287B64,SHA256=A3404400099483C4258633E2DBA2520ACC0137D5D2A085397FDC22C6E89C61E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032628Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:06.678{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72DAE080D6BC81FE3460B857E5482CB2,SHA256=B7F1CAC8BFDC30B1BB26642CB298ABB35D4F58867C592D6BC23032850DB94DBB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032627Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:03.384{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51602-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032629Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:07.710{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1B61A9F1D7BD26740262D28723C118B,SHA256=943676A0E07063173DCB75471402445A561215BFE5023E245641D0FC43EB2ABE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076477Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:07.006{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=227F968D4FA334A6F23B638BF315112E,SHA256=D83D053FC42254C13C7A165F4280990A8AC7A62241BF418C41A4EAF5029AE587,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032630Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:08.944{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6346475478BBEFEA53678DBF6A74CC70,SHA256=E3F179B21859C51957E574D61DC7BEE4BA52BDA4AC290E91439D304AC636E564,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076478Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:08.024{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A0723214E2A016C24AFC11E6175F6AE,SHA256=4052C400F0B36D340682839C9F28007A838B15C127216D124AA8781A01DB002B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000076480Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:07.195{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63409-false10.0.1.12-8000- 23542300x800000000000000076479Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:09.043{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64AF822C6A1A11B4E34FDC0F784EF6FF,SHA256=8867658A901B71E8D9165632341FC597A61DABA5EA7E7A1B6642A774E01277F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032631Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:10.038{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9717D34D54F92F4EEF399C114BA3129,SHA256=DE6B5A96B43F195588BB4193AC0E2D772AF581EA62E065798EDB9B5C565ACB06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076481Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:10.058{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2544F1DCF8A413C39619C06C0943444F,SHA256=A2E0D7A5B647D5F9A836034F3C58ACB763BE5DDBCAE5C73528267BDF6B827C81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032632Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:11.256{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B0060165AC97643DD18BE532B566228,SHA256=0371182DA11880F543FBD5C9565A06A6DE676A980CA9AD1FB39D913E82FE0CAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076482Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:11.073{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B1751DB5BE41B9496A4DC2FEEB56894,SHA256=3513D45CD634476E007B957CBC36A5BAE3B7C5C5CC6435EBCE6D67BA79DC1758,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032634Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:12.491{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B9996B6527DEA0F6E0B1391D3C0F8C3,SHA256=8E99E02433B7A0E1F0DA26AB2D8E1E24C58FB393295A6D0123E5C3BB8C94D34D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076483Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:12.087{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C753C5F8FE5CE879F2053A53BA42A64F,SHA256=747D2A179954023BA86DD15CA874A47E23E7D150500D080507D3D74798E6A071,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032633Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:09.389{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51603-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032635Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:13.538{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CD030092FA0B76FEAD9B653E0C754EE,SHA256=C6B1A44A479653C69FBF1602E8A7CE8A16EB6CEAB8141E005325D22048185F4D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000076485Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:12.207{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63410-false10.0.1.12-8000- 23542300x800000000000000076484Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:13.120{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8843A288BD39CBC5E408F6537423C74,SHA256=F0D009719C4FD73D33CC399B6A28EB1F76FA9FFF102FCADFBC6EFBAC923A5B4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032636Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:14.552{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8B0DAB1229084DC2C80A611F8CFDA47,SHA256=D33A6F2053026BFC80FADD9F59484CB5CB1AE74268B67B0985697E77F6A8F920,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076486Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:14.159{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=154C57252DFE465DFA8BDC188D9172BD,SHA256=C74E6B8E4B6C5B594F6E4F497C28D09BF214C7D7AD04E36FC013CB44EE13914D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032637Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:15.568{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C453BDABA07E63F70F3AC8AAAB497EEF,SHA256=16A1FD58BBC73F852B92560FD291A58819181F56B20ABAB8EDEA0D1ADAEC443A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076487Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:15.174{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B343AB78787805587D845268D8610CB,SHA256=4C17C0DDF616FDDF24289E33495EA71E3FEE4FABCDFF695F2F3429AD3B601E40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032638Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:16.583{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA8DD52F8F91EDA81D7A7E1076E74E04,SHA256=5770D21B1B370FF49DBE03D5A71247E392A513ADE2CC546D3587F18ED983D8ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076488Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:16.177{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBF76AA7654D1692574E90967BF33F31,SHA256=7758F3F0D0FBED797497DF3DAC51CA9B5DE116B13B25BDC1B56B75549585C002,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032640Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:17.599{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2587AF953252149BDC7EAF3F294295C0,SHA256=D2D30753801F1030C55B783EF7904EE38E0B06A96413B6AF746F287C7D3361D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076489Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:17.192{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A67918D1A0DF6915AAEEADAED727CFFC,SHA256=93A29BAAAFAB15CA9F80FB5C262A20ACD2F4DE066ED1E87DF8516C9B1E7A77A5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032639Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:14.559{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51604-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032641Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:18.677{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAE74A0C09C718AFB0C3B5AB452FFC6D,SHA256=77463B6BD32854E48B9F00C2370DB012A530DA989F2401E4D963F1935E2F3ACF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076490Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:18.192{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=753054AF48DDD01882CAB4655B268C73,SHA256=54F7C5D508829588D40218709DF2A6DCA89856D7CDA5914745F3E18A5053372E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032642Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:19.911{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C229B10032336B072D8AAE0CC301336B,SHA256=2338811DC00A88561AF80E720F4C785731146F0D05A0EC6B5FF15489CB748A30,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000076492Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:17.263{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63411-false10.0.1.12-8000- 23542300x800000000000000076491Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:19.192{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59D2C6BCA638202BF8B1B0E6A8C999C9,SHA256=E4FFB1568DA3DB374D238710489A220A85DB0257610F38D1C5F85B518E0AD138,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032643Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:20.989{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=134EE2CFABF3D273E74237CFFE272245,SHA256=35E11CECD9765B8A26730D7AD807E54449BC0B79CC021B0D8E345794FB5B0110,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076493Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:20.207{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9761B547663609198DABA49D73C00191,SHA256=9A1F76B2D75E42E4EDA02CBCCA2057F73383A854F59C57F8FF557B78283331B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076494Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:21.244{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC0E17EABE534EC5E215ECF199D4D0BA,SHA256=EFEF47E1D3467E979649518BD79C63B46154FCE51FE2FA67D998E1891F2F0978,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032645Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:19.606{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51605-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032644Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:22.208{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE97DB779DE1BEC287CEF781ECBCA46F,SHA256=810963C482AA33B344C92119A122EE815D48EC4366DB5CF87C1C3DB7AC23DEC1,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076498Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:22.359{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0,IMPHASH=60006258D4DE87B31BEDA805A8CC8040trueMicrosoft WindowsValid 734700x800000000000000076497Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:22.343{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\mydocs.dll10.0.14393.4169 (rs1_release.210107-1130)My Documents Folder UIMicrosoft® Windows® Operating SystemMicrosoft Corporationmydocs.dllMD5=999FD44CF5713852E6083A43A7917761,SHA256=D5C75951C29B7F0AAA4EC9E9AB3195933E650C1F171092F389FD4DB66CA1CA20,IMPHASH=D1267CC8F49B54A66A0034D2C4452E93trueMicrosoft WindowsValid 734700x800000000000000076496Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:22.343{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\sendmail.dll10.0.14393.4169 (rs1_release.210107-1130)Send MailMicrosoft® Windows® Operating SystemMicrosoft CorporationSENDMAIL.DLLMD5=04626525E567811FC7ECB3E31D94F8B0,SHA256=678A3A9DD713DC61F72112BD3160B8753F1A50D1179FDFABD265C32103980A6A,IMPHASH=52DBB027F849F4DB11CB3C2B56C0E9FBtrueMicrosoft WindowsValid 23542300x800000000000000076495Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:22.259{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06D569660B44171BE0C262ADA29798A0,SHA256=1A572738EC7FCE2A2653F1B31E0418468DF580F5CFB6B91A694AADFA0010F422,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032674Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.958{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-303F-60EC-3E05-00000000DC01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032673Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032672Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032671Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032670Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032669Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032668Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032667Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032666Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032665Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032664Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.958{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-303F-60EC-3E05-00000000DC01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032663Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.958{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-303F-60EC-3E05-00000000DC01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032662Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.959{50946567-303F-60EC-3E05-00000000DC01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032661Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.692{50946567-303F-60EC-3D05-00000000DC01}34241940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032660Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.458{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-303F-60EC-3D05-00000000DC01}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032659Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.458{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032658Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.458{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032657Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.458{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032656Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.458{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032655Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.458{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032654Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.458{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032653Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.458{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032652Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.458{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032651Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.458{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032650Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.458{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-303F-60EC-3D05-00000000DC01}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032649Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.458{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-303F-60EC-3D05-00000000DC01}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032648Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.459{50946567-303F-60EC-3D05-00000000DC01}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032647Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.443{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99201FEC0473E3FB72C029A2955E8BC9,SHA256=80034372467B036D4E0C1D76AB1B9741AA81E7412BB67F633FB013001283A6B1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076547Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.527{8057F119-21BD-60EC-4B07-00000000DB01}58809920C:\Windows\Explorer.EXE{8057F119-2CDB-60EC-8009-00000000DB01}9640C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076546Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.527{8057F119-21BD-60EC-4B07-00000000DB01}58809920C:\Windows\Explorer.EXE{8057F119-2CDB-60EC-8009-00000000DB01}9640C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076545Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 734700x800000000000000076544Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.459{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000076543Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.459{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000076542Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.459{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000076541Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.459{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000076540Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.459{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\comdlg32.dll10.0.14393.4283 (rs1_release.210303-1802)Common Dialogs DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcomdlg32.dllMD5=0DB1A588A248E852AD781AE14333A5C6,SHA256=6F9C36C2663B90439A1AEE74855C521FCBBDB8C7B88382C9464906F1691F65F6,IMPHASH=06716A63D3E6F97CB489B0D6810B3519trueMicrosoft WindowsValid 734700x800000000000000076539Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.447{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msimg32.dll10.0.14393.0 (rs1_release.160715-1616)GDIEXT Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationgdiextMD5=78DA58DF85F86CA61E5EAFB9EF0A83BE,SHA256=3216205F5C355D582EC4B902651B62E1FF3EFFDCA40BC849D474F13F1325E962,IMPHASH=2E671B0A6A313B7E8765124B944DA4FEtrueMicrosoft WindowsValid 734700x800000000000000076538Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.447{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\wininet.dll11.00.14393.4467 (rs1_release.210604-1844)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=2155253CEE186286631247CCF3C7D138,SHA256=AA97CAF5AE292D467421116F9DB4A84008A6ED868F1ADDBE06585BF3FCCEB476,IMPHASH=B3ABC7D59C2B1ACAEECA63C53B0AAC4BtrueMicrosoft WindowsValid 734700x800000000000000076537Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.447{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\SensApi.dll10.0.14393.0 (rs1_release.160715-1616)SENS Connectivity API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSensApi.dllMD5=DF734E991C205DC633582B8B5AD0E030,SHA256=68282D0183F3E580EF854BA0EA43686B9CD2ABA8DE61CD867224AC29C237E364,IMPHASH=E3903CEFE38192F3F5179F174FE5A2EAtrueMicrosoft WindowsValid 734700x800000000000000076536Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.447{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000076535Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.447{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=D8CD8451D1E194230F18866AD6EFE5E7,SHA256=9977AA1287962035C24DF806DDA67F09FFE9BDF696DBA507D749C624AE1C178D,IMPHASH=EC9695F0DF1F52E9D439A942DBDAA111trueMicrosoft WindowsValid 734700x800000000000000076534Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.447{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000076533Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.447{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x800000000000000076532Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.447{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000076531Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000076530Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000076529Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000076528Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000076527Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000076526Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000076525Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000076524Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000076523Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000076522Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 734700x800000000000000076521Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076520Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000076519Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000076518Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000076517Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000076516Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000076515Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000076514Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000076513Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000076512Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000076511Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000076510Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000076509Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076508Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exeC:\Program Files\Notepad++\notepad++.exe8.11Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exeMD5=3433991765511375D3EC11B4FE290298,SHA256=B30DDA913768A864106485E51682E90286D320023221F5676A42CC9B914A11F8,IMPHASH=B65402F137E08F6E43CEEF2CF25E0CC2trueNotepad++Valid 10341000x800000000000000076507Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076506Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076505Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076504Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076503Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-21B7-60EC-3B07-00000000DB01}55126756C:\Windows\system32\csrss.exe{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076502Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.427{8057F119-21BD-60EC-4B07-00000000DB01}58809888C:\Windows\Explorer.EXE{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Notepad++\NppShell_06.dll+4449|C:\Program Files\Notepad++\NppShell_06.dll+46a6|C:\Windows\System32\SHELL32.dll+80337|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\SHELL32.dll+16d60c|C:\Windows\System32\SHELL32.dll+19e7e8|C:\Windows\System32\SHELL32.dll+2844a3|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07|C:\Windows\System32\SHELL32.dll+16d8b0|C:\Windows\System32\SHELL32.dll+16ad2e|C:\Windows\System32\SHELL32.dll+737a1|C:\Windows\System32\SHELL32.dll+76686|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53 154100x800000000000000076501Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.430{8057F119-303F-60EC-180A-00000000DB01}6428C:\Program Files\Notepad++\notepad++.exe8.11Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exe"C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\ansible\AttackRangeSysmon.xml"C:\Windows\system32\ATTACKRANGE\bob{8057F119-21B7-60EC-6B46-520000000000}0x52466b3MediumMD5=3433991765511375D3EC11B4FE290298,SHA256=B30DDA913768A864106485E51682E90286D320023221F5676A42CC9B914A11F8,IMPHASH=B65402F137E08F6E43CEEF2CF25E0CC2{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\Explorer.EXE 23542300x800000000000000076500Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.274{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D9ED3FB1179B0EFBBA2E2496E538314,SHA256=5FB9783EC4D8DB72502E2C53EF2721B1AB762B298FC00F5C491FDC6F7F70A030,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032646Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:23.411{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=E2E25D49CE2CB79CD3EE0E4D4F17CD81,SHA256=E3876C82F669DEFBD5A6C261F6F49C4D0043B3D3230651BC175F53E5EAE14B5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076499Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.006{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=425D12CA455A5729093EFBB0C4276515,SHA256=1CC368D623C1B3F1983B96108835A6FC9EDB32AF4244713DA65E72FC5F8BC7DD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032691Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.755{50946567-3040-60EC-3F05-00000000DC01}6563760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032690Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3040-60EC-3F05-00000000DC01}656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032689Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032688Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032687Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032686Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032685Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032684Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032683Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032682Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032681Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032680Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-3040-60EC-3F05-00000000DC01}656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032679Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3040-60EC-3F05-00000000DC01}656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032678Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.603{50946567-3040-60EC-3F05-00000000DC01}656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032677Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.599{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F85FA9BBE01FF4DD1285E7F332B3C0A,SHA256=03DE6CF221ECC297D2B9DA5F9ACBC5AB9F3024DA5686B19967BA553681B6FB4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076551Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:24.457{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F84CEBC315F4F01142F0ECD72B7E95EF,SHA256=F5B1CFDB60BB6C87FFA14A59721454B0FA89B0484E7C886BBE0E919803FCFE5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076550Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:24.457{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74F98602DD1DDDD699895F7C92E1402A,SHA256=AB3D3EBD83474058DC64CFCECD74FE8C790B9BA21693D9D3D92ED8DA54DF4EAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076549Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:24.457{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ADC6B16DCD6B2ACB34A6750495A71668,SHA256=4C17C3CF3A90EB3171112AD92B4FA186BABFF42298A7F37234290697637A4452,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000076548Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:23.257{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63412-false10.0.1.12-8000- 23542300x800000000000000032676Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.458{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9BE74F50FA2CF7426615768FBB4A1D7,SHA256=71014D0B47AB527F04ADBD6E4D3FC5CEA93B8A542232D852D104166B3FFD18C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032675Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:24.458{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E83782DCE4DF4F6237AF7C4F1C2A1539,SHA256=A7842520ECBA38FC3151E398F496747B951FA12E6EC4DB721D4B6B9B028D379D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032719Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4918647D6F80A553EA1BD7C3F8A6908,SHA256=7D0BFFC066E9FD88D2EEEEEED2EE725F314BE018F96A72374D095D418F7491B2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032718Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3041-60EC-4105-00000000DC01}1892C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032717Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032716Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032715Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032714Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032713Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032712Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032711Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032710Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032709Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032708Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-3041-60EC-4105-00000000DC01}1892C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032707Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.802{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3041-60EC-4105-00000000DC01}1892C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032706Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.803{50946567-3041-60EC-4105-00000000DC01}1892C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000076553Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:25.441{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19F1F536F4D430BD23C79011163B8553,SHA256=3255E088F8223AE0251FA065FC0420718615F53827D64CD03082F6F62B94B5A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032705Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.600{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9BE74F50FA2CF7426615768FBB4A1D7,SHA256=71014D0B47AB527F04ADBD6E4D3FC5CEA93B8A542232D852D104166B3FFD18C0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032704Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3041-60EC-4005-00000000DC01}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032703Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032702Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032701Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032700Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032699Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032698Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032697Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032696Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032695Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-3041-60EC-4005-00000000DC01}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032694Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032693Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3041-60EC-4005-00000000DC01}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032692Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.271{50946567-3041-60EC-4005-00000000DC01}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000076552Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:25.074{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032721Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:26.817{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=674D7B20ACC18D02CB8D869886699D03,SHA256=E8B1F4A62E538A22A917C990F1D42D2D8888DE8B79398471AA3F62A90C9694D9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000076555Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:25.195{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63413-false10.0.1.12-8089- 23542300x800000000000000076554Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:26.472{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D10F379798E096848967407644381835,SHA256=52132BB8B65F680989B034B0997B4F917E5F98E993FFB012CACD1C0242AED019,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032720Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:26.021{50946567-3041-60EC-4105-00000000DC01}18921908C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000076556Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:27.472{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=852929875B17B403395797D1AEB33E96,SHA256=8FD5704808E326CA9195A8F5AF35E522C596E3298B9B2C5845005B80A10695DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032722Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:27.037{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DC53928AFF5FBB70064549FE5CBB989B,SHA256=4BB6D5FB92730C2FFE2066DFCF20344BE21F68A6E5ECA2B2D4E78F9974514EF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076557Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:28.487{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75B4CE12FDCAC2E334C3280195E464F5,SHA256=C38876D24D02E932D8A2D1B21136FAAE990D4DCAC4C8E761EBFB9DEABEF041F6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032738Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.602{50946567-3044-60EC-4205-00000000DC01}792836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000032737Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:25.590{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51606-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000032736Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.224{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3044-60EC-4205-00000000DC01}792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032735Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.224{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032734Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.224{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032733Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.224{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032732Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.224{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032731Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.224{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032730Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.224{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032729Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.224{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032728Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.224{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032727Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.224{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032726Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.224{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-3044-60EC-4205-00000000DC01}792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032725Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.224{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3044-60EC-4205-00000000DC01}792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032724Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.225{50946567-3044-60EC-4205-00000000DC01}792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032723Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:28.067{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F94C100E8986623A764E3EB7275191C,SHA256=640397B9E5E70B79E26834B1AE984FA8327DF37BE7382DC051649F19017C9BD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032753Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.349{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8B460E3596F4792621C1F27C77145D6,SHA256=AF2E973A7B89FB527E9428336C0C0F921D187CA4CA9A0018D70AB91C9B9CD47B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076558Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:29.487{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73C2FF6D425E30110BB414E974BA4542,SHA256=8C6776DCFE4C547C5768D28386D8A11F9283399EDBCDDC889EEE939116BE1769,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032752Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.239{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F3D19DA4591BE094E4AFD0923FA94292,SHA256=B74EA7970FEA3FBD5E262A7ED13B01DDBF42E78427B4DA909723B5E6216D7B22,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032751Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.114{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3045-60EC-4305-00000000DC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032750Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.114{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032749Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.114{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032748Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.114{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032747Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.114{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032746Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.114{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032745Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.114{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032744Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.114{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032743Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.114{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032742Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.114{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032741Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.114{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-3045-60EC-4305-00000000DC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032740Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.114{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3045-60EC-4305-00000000DC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032739Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:29.115{50946567-3045-60EC-4305-00000000DC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032754Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:30.583{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBE0A256FAA5FFBF3F02035E5D885E80,SHA256=7A8F6E3E45A845990C98C0D2BE717046AECB928A802565D6463C062300BB96C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076589Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.671{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1DDBF27099DE141CF07B7F2A4EDE652,SHA256=8748649FB243FEBD2C8FCD4E1D4C7ADA0CFE0B9BFA16BF81B3B11B387E6DD990,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000076588Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:29.291{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63414-false10.0.1.12-8000- 10341000x800000000000000076587Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.156{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076586Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.156{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076585Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.156{8057F119-21BD-60EC-4B07-00000000DB01}58803264C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076584Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.156{8057F119-21BD-60EC-4B07-00000000DB01}58803264C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076583Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.125{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\execmodelclient.dll+8e62|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000076582Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.125{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\execmodelclient.dll+8d5e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000076581Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.125{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076580Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.125{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000076579Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.125{8057F119-21BD-60EC-4B07-00000000DB01}58805372C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000076578Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.125{8057F119-21BD-60EC-4B07-00000000DB01}58805372C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000076577Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.103{8057F119-21BD-60EC-4B07-00000000DB01}58809920C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076576Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.103{8057F119-21BD-60EC-4B07-00000000DB01}58809920C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076575Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.103{8057F119-21BD-60EC-4B07-00000000DB01}58809920C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076574Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076573Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076572Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076571Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076570Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076569Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076568Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076567Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076566Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076565Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076564Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076563Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-21BD-60EC-4B07-00000000DB01}58808688C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076562Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076561Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-21BD-60EC-4B07-00000000DB01}58808688C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076560Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076559Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:30.088{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 23542300x800000000000000032755Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:31.755{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=265ECB64D8BA9F3065BF5E4715C9E4CC,SHA256=A44217D4DC1E99F31BF73E364934623B9C89B026F949CDAC66B107F10745F102,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076617Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.787{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D55CD6D85B3F7AD21D7BC035AA6F1D5F,SHA256=CE3D42769F053F73C5971E040925AA47D2DC3282649FC38C953AED39BA6B2977,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076616Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.398{8057F119-21BD-60EC-4307-00000000DB01}25562240C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076615Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.398{8057F119-21BD-60EC-4307-00000000DB01}25562240C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000076614Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.382{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076613Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.382{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000076612Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.382{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076611Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.382{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076610Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.332{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076609Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.332{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000076608Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.332{8057F119-21BD-60EC-4307-00000000DB01}25562240C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076607Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.332{8057F119-21BD-60EC-4307-00000000DB01}25562240C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000076606Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.331{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076605Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.331{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076604Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.271{8057F119-21BD-60EC-4307-00000000DB01}25565568C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+6e886|C:\Windows\System32\windows.storage.dll+701e8|C:\Windows\system32\windows.cortana.Desktop.dll+f6ca|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 734700x800000000000000076603Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.271{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\Windows.UI.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Runtime UI Foundation DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.dllMD5=FEC31833E8D13591BAECE59B8E39F53C,SHA256=424BAEA0DC8EF34305A881F9B36F22E8CFECA403A0D03B61782D69535387A401,IMPHASH=B073DE28C43175420FE754415439CCEAtrueMicrosoft WindowsValid 10341000x800000000000000076602Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.271{8057F119-21BD-60EC-4307-00000000DB01}25565568C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+a1970|C:\Windows\System32\windows.storage.dll+d3034|C:\Windows\System32\windows.storage.dll+d072b|C:\Windows\system32\windows.cortana.Desktop.dll+f61e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4 734700x800000000000000076601Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.219{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\mapi32.dll1.0.2536.0 (rs1_release.160715-1616)Extended MAPI 1.0 for Windows NTMicrosoft® Windows® Operating SystemMicrosoft CorporationMAPI32.DLLMD5=D41D83636A9854B22E1B569C491DE769,SHA256=68DC87449773E34E069C99A842CA67221F97744A387E70715B2C429CF3DDB30D,IMPHASH=7A8CF273B252EA46A808BCC0E2715958trueMicrosoft WindowsValid 734700x800000000000000076600Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.202{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\mssvp.dll7.0.14393.4467 (rs1_release.210604-1844)MSSearch Vista PlatformWindows® SearchMicrosoft Corporationmssvp.dllMD5=60C9E7CA2E1BE45E8C3E443655D897BE,SHA256=A37619B2E444E02DEAC5FF032F6B76412FBBCADA1FC53FC83A8491283660AC7B,IMPHASH=C18407C208DC9D4D35BF9CCF252D69D6trueMicrosoft WindowsValid 10341000x800000000000000076599Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.202{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076598Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.202{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076597Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.155{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076596Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.155{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076595Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.155{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000076594Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.155{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000076593Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.155{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076592Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.155{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076591Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.140{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076590Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:31.140{8057F119-21BD-60EC-4307-00000000DB01}25568924C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 23542300x800000000000000076618Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:32.802{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C25DB74419AB12C8275766C495C1B418,SHA256=160F3E06B46B2C6A790E228DBDB74BD9E079F1EDDD5011A74DFD9D6AA848DB84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032756Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:32.771{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EC6954BEB035EE8F1A011DFA0ACB451,SHA256=0B00240C26BBB089C1CB2329FF36D1FA722105BDAF5C8A24B185920AD3F41046,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032757Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:33.772{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCC8DAD16F35BE596CC556A8CC73B419,SHA256=9D268ACC110F05A1AE833F9B3FC8B9C8AE81330406AB6243C287130DD6626703,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076652Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.970{8057F119-21BD-60EC-4B07-00000000DB01}58805372C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000076651Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.970{8057F119-21BD-60EC-4B07-00000000DB01}58805372C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 734700x800000000000000076650Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.939{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\cscui.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Client Side Caching UIMicrosoft® Windows® Operating SystemMicrosoft Corporationcscui.dllMD5=1AFE7E2522633DF86B3160B378F1ABB9,SHA256=A1BFE3136924F3E5276F5C555F51770D9C50A321572DA4F677F2C0D8D5132A76,IMPHASH=7C4C5D26A164B555C68D5F02A417A150trueMicrosoft WindowsValid 734700x800000000000000076649Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.923{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\twext.dll10.0.14393.4283 (rs1_release.210303-1802)Previous Versions property pageMicrosoft® Windows® Operating SystemMicrosoft Corporationtwext.dllMD5=52DA27C0F880437C2E6DA97516D68EDD,SHA256=D90E5DE35E53C01F57BD201D483A6E03C77F76C7BC497C83F85003F937779425,IMPHASH=29C3BF5A3E76E3AC1BA5E32244E9991FtrueMicrosoft WindowsValid 10341000x800000000000000076648Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.923{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076647Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.922{8057F119-21BD-60EC-4B07-00000000DB01}58803264C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076646Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.921{8057F119-21BD-60EC-4B07-00000000DB01}58803264C:\Windows\Explorer.EXE{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076645Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.921{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076644Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.886{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076643Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.886{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076642Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.886{8057F119-21BD-60EC-4307-00000000DB01}25565568C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+36f20|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+32f80|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+22534|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\SharedStartModel.dll+77f37|C:\Windows\System32\SharedStartModel.dll+b2d9d|C:\Windows\System32\SharedStartModel.dll+b2285|C:\Windows\System32\SharedStartModel.dll+b2801|C:\Windows\system32\windows.cortana.Desktop.dll+a80e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f 10341000x800000000000000076641Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.886{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076640Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.886{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076639Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.886{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+cdc7|C:\Windows\system32\windows.cortana.Desktop.dll+aedd|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076638Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.886{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+ae11|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076637Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.886{8057F119-21BD-60EC-4307-00000000DB01}25562240C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076636Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.886{8057F119-21BD-60EC-4307-00000000DB01}25562240C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076635Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.886{8057F119-21BD-60EC-4307-00000000DB01}25562240C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+cdc7|C:\Windows\system32\windows.cortana.Desktop.dll+aedd|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076634Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.886{8057F119-21BD-60EC-4307-00000000DB01}25562240C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+ae11|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 23542300x800000000000000076633Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.802{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00BAE1BD0B8AD516AB3D5D95F31203BB,SHA256=B7D80B427764D6DFAF348BEE54AB8FA7D7AC220E3D4F898A68526B4AEC3B078A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076632Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.155{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\twinui.dll10.0.14393.4467 (rs1_release.210604-1844)TWINUIMicrosoft® Windows® Operating SystemMicrosoft CorporationTWINUI.dllMD5=AD8606F36D37C4C63F09EF01156EC068,SHA256=1855C6FDA94D2070B85501CD78B5A4522674E01A6EA787352E40F12426635027,IMPHASH=B98A56301D4EF217B14C24D92F13B2B4trueMicrosoft WindowsValid 10341000x800000000000000076631Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.055{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076630Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.055{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076629Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.055{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\OneCoreUAPCommonProxyStub.dll10.0.14393.3808 (rs1_release.200707-2105)OneCoreUAP Common Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationOneCoreUAPCommonProxyStub.dllMD5=9F8EF1431E82015CD1918582A770DB35,SHA256=FC2073DCE9AC41DBF338FAFE85F2429D6D3812573D2192C7A906C1D46E0AB4FA,IMPHASH=D919FF32201FBB7C5B3EF498D589EAE4trueMicrosoft WindowsValid 10341000x800000000000000076628Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.055{8057F119-21BD-60EC-4307-00000000DB01}25565568C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+36f20|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+32f80|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+22534|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\SharedStartModel.dll+77f37|C:\Windows\System32\SharedStartModel.dll+b2d9d|C:\Windows\System32\SharedStartModel.dll+b2a24|C:\Windows\System32\SharedStartModel.dll+b2fab|C:\Windows\system32\windows.cortana.Desktop.dll+a274|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f 10341000x800000000000000076627Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.039{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076626Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.039{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076625Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.039{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076624Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.039{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076623Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.039{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076622Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.039{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076621Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.039{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\SharedStartModel.dll10.0.14393.4169 (rs1_release.210107-1130)Shared Start Model InProc ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationSharedStartModel.dllMD5=1ED630477E6FEFE3C7722FDBA69D905F,SHA256=96846D692A680859F229E9E8BA01A04DB81808871F61E1D1674919DBCF333287,IMPHASH=D57A6858D1CBDF14F3CE8801F944C825trueMicrosoft WindowsValid 10341000x800000000000000076620Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.023{8057F119-21BD-60EC-4307-00000000DB01}25562240C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+cdc7|C:\Windows\system32\windows.cortana.Desktop.dll+aedd|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000076619Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:33.023{8057F119-21BD-60EC-4307-00000000DB01}25562240C:\Windows\System32\RuntimeBroker.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+ae11|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 23542300x800000000000000076830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.891{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C9624D704916645A1D6C49BF72D744E,SHA256=86A645862530AB902407478E1C1CCFF927953F843160EE6635AC17B486A80AB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032759Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:34.788{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA1B8318A40B7567EEBB44868749AFC1,SHA256=A65ECCDBE21949C6F0C6DAC2011E23194F37660B78490BA76489CB952D36BF80,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032758Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:31.574{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51607-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 734700x800000000000000076829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.560{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\ninput.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft Pen and Touch Input ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationNINPUT.DLLMD5=BF084D22F7064E686F9BBAC541C680B5,SHA256=ED2E99746A98BAB14B5B565E5D3F092143AA2D8BD0CBD08FE047B64AEF5EF440,IMPHASH=ADED91AA394AD8A3D54B5A54F35771D4trueMicrosoft WindowsValid 734700x800000000000000076828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.560{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\globinputhost.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows Globalization Extension API for InputMicrosoft® Windows® Operating SystemMicrosoft Corporationglobinputhost.dllMD5=B92070EB12AF4C292155EBB155A0B6C3,SHA256=F155CFD56DC7199F16377259C55C0E8A26662A81588264F01D0E1F1387721DDC,IMPHASH=AB0E9B104017117F7BE18F3C6AAC279AtrueMicrosoft WindowsValid 734700x800000000000000076827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.560{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\msftedit.dll10.0.14393.4169 (rs1_release.210107-1130)Rich Text Edit Control, v8.5Microsoft® Windows® Operating SystemMicrosoft CorporationMsftEdit.DLLMD5=0278F6675C79A2013494CDDDCFD6C7B3,SHA256=14F536EB288788586C90DE568BAB6C113D3F4CCD0EE732A17D438A23B225720A,IMPHASH=7C36F76BEB38B735155D539BEBF60532trueMicrosoft WindowsValid 23542300x800000000000000076826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.544{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=938876ADFC3FC27A0244F1115ADB369A,SHA256=9560600AE75D6864D5B7A381FD8A9CD0E78F83F4D8802CAA09F4794ECC233843,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.529{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.529{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.529{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.529{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.529{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.529{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.529{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.527{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.527{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.527{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\wlidres.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft® Windows Live ID ResourceMicrosoft® Windows® Operating SystemMicrosoft CorporationWlidRes.dllMD5=924564C6374F361B38AF73212C520FC0,SHA256=91FEB10B955D69A7B758EFC53C7E51A1EDE9B875F823DC41B04356CA62133D77,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000076815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.527{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.526{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.526{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076812Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.526{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\WinSCard.dll10.0.14393.2273 (rs1_release_1.180427-1811)Microsoft Smart Card APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwinscard.dllMD5=85E2B5FCB057B0476687CCFE28E589A5,SHA256=4B99A7709FAC8E9CF95AA186651BE455C0998414E2D2D807DF1B000EB26FBD15,IMPHASH=8E9831D203C36A499228D7F02C6B90D8trueMicrosoft WindowsValid 10341000x800000000000000076811Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.523{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076810Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076809Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076808Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076807Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076806Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076805Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076804Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076803Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076802Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076801Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076800Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076799Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076798Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\mfplat.dll10.0.14393.4169 (rs1_release.210107-1130)Media Foundation Platform DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfplat.dllMD5=6B3DD2386B60D0003B3A0A1AE706A9C5,SHA256=2DF94FA3C88D5D8AB5A981C0182263B5D8161CE0F96687D2DF7892EB4F25104C,IMPHASH=4B0B41F559164385A004BCC689586F63trueMicrosoft WindowsValid 734700x800000000000000076797Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\RTWorkQ.dll10.0.14393.479 (rs1_release.161110-2025)Realtime WorkQueue DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationRTWorkQ.dllMD5=1EABA23A7305A232C9A16C14806ED091,SHA256=3AD1A84A56EE0DA68B40D40770787FEED3DCF4A74BE172F01BD837FD680396E6,IMPHASH=41E263D9EB0100A59E34B18CF8F6F725trueMicrosoft WindowsValid 734700x800000000000000076796Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\mfsensorgroup.dll10.0.14393.4169 (rs1_release.210107-1130)Media Foundation Sensor Group DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfsensorgroup.dllMD5=7CB78A0BF4D6AEA6A4C367DFC7645CD0,SHA256=5504F29CAE19AF9A98D65508A350F518AEA1C66235029B1881CA765146E92D99,IMPHASH=86C22AEFE3E4067CC0F34A1D80C38807trueMicrosoft WindowsValid 734700x800000000000000076795Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Media.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Media Runtime DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Media.dllMD5=D99A463FD833B801A943698AC8AF81EB,SHA256=224405AC2CEFCFBB5E2AE3D98E9A5895BB2C39C128759E2FBCC3E84335E4E6D9,IMPHASH=88691B5201F0FCC6E05D2593797A195AtrueMicrosoft WindowsValid 10341000x800000000000000076794Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076793Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.506{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076792Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076791Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076790Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076789Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\DevDispItemProvider.dll10.0.14393.0 (rs1_release.160715-1616)DeviceItem inproc devquery subsystemMicrosoft® Windows® Operating SystemMicrosoft CorporationDevDispItemProvider.dllMD5=CCDEFAE1F31F9F9AED64686A143D3D0A,SHA256=CF96EB0C3422628398D218152A729221C0F5D09F287E083AE88ECD77DB2C11BC,IMPHASH=B96B407351B4F23871E4087C6E937148trueMicrosoft WindowsValid 734700x800000000000000076788Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\shacct.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Shell Accounts ClassesMicrosoft® Windows® Operating SystemMicrosoft Corporationshacct.dllMD5=6C3405DC9DB5740B6B2AD3AF67031A2E,SHA256=223153AF2A71D3549CCE25D3EAA294DD44471EA8A0733E5AC1EFD7D99D03886E,IMPHASH=F9EDABA9B540C273AC125BA9D119C3AAtrueMicrosoft WindowsValid 734700x800000000000000076787Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\samlib.dll10.0.14393.0 (rs1_release.160715-1616)SAM Library DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMLib.DLLMD5=4C413FEDB1B88DA18059890CE0BC95D1,SHA256=FAD279CE82D1616A533D6E5D3A20543B51FDBDDE4C764E09F6A01C8B0E44218A,IMPHASH=BF11630905AADA27934CD5411323FA5BtrueMicrosoft WindowsValid 734700x800000000000000076786Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 10341000x800000000000000076785Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076784Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076783Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\MSWB7.dll10.0.14393.2791 (rs1_release.190205-1511)MSWB7 DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSWB7.dllMD5=5C7C3EBF7A50560DE37B750F3BB0F2B2,SHA256=227474B4306F6FA4F4A7EC5DAE2E91104BA6A156E31BDAD4B82D2E5426A53729,IMPHASH=A39738A99E764D3F4E439E2498C99B04trueMicrosoft WindowsValid 10341000x800000000000000076782Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076781Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076780Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\wlidcredprov.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft® Account Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationWlidCredProvider.dllMD5=BFDFA8D6CE74D72FC3CAC3E8B6D05FB7,SHA256=172538FF3768FA97A54D4B33B7E3253F568013DF9F8102E023DEFF4CA44B2BBC,IMPHASH=AC43D6C08681C0DFDC982DCBAA555A68trueMicrosoft WindowsValid 734700x800000000000000076779Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\certCredProvider.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Cert Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationCertCredprovider.dllMD5=5C5920708E3A7386E3FB97F06A1CF6CD,SHA256=2CEBA7FEC4C2DA3384BE80CB70C5AF04F45727BDA3DEF9A79F478B071AB9FC0C,IMPHASH=A01F108876C25B588A60F1407EC75717trueMicrosoft WindowsValid 734700x800000000000000076778Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.490{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\ngckeyenum.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft Passport Key Enumeration ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationngckeyenum.dllMD5=ACF9A79DE065065D9B9F3C060D8FD883,SHA256=72A663ED47F6354E1EF19D6E5D4BC1118B8BF699B9E112E89BBE8DC8B9D83187,IMPHASH=7408E186279579FBFF9DD5099C815B63trueMicrosoft WindowsValid 734700x800000000000000076777Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.475{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\BioCredProv.dll10.0.14393.4169 (rs1_release.210107-1130)WinBio Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationBioCredProv.dllMD5=73F8BD8ED7C88C247AE1F8931FE84024,SHA256=50102694895A05D4554A54C775A033664DF7B9E51347F918E2A2FEF2F2B747C0,IMPHASH=01D3BF39F15617F2002037CAEC4CA502trueMicrosoft WindowsValid 734700x800000000000000076776Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.475{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\StructuredQuery.dll7.0.14393.4169 (rs1_release.210107-1130)Structured QueryWindows® SearchMicrosoft CorporationStructuredQuery.dllMD5=330E02FA330C93B93B477AA2F88C8A3A,SHA256=958A6977B820D04D94C8FD85C23CC62D77F0498BB59A648744E8F43704FD7F26,IMPHASH=870079407DAAD548AC5B3F417EEBB243trueMicrosoft WindowsValid 734700x800000000000000076775Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.475{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843,IMPHASH=EAA4328F5E33714FA08C71E4AAE43CC1trueMicrosoft WindowsValid 734700x800000000000000076774Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.475{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4,IMPHASH=B6A1A16A2B5E910045E998CD7709E966trueMicrosoft WindowsValid 734700x800000000000000076773Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.475{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\ngccredprov.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Passport Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationngccredprov.dllMD5=5125FB8AD27095A89651EFE26DF82B8F,SHA256=B49A3E4B223B5737ABB834DA077E2F525B8D5A4E7A226134AD23B19BD20DA5B5,IMPHASH=BD5237271CB2F0AA3004D8AC0791F836trueMicrosoft WindowsValid 734700x800000000000000076772Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.475{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\biwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Background Broker InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationbiwinrt.dllMD5=1774BAC67716351387E5F11635DEED8D,SHA256=74F9B4190CFFADCE3ED3F61D4FD6A4F7CCC6EE0F42E3452D018E8160ECB3BE1F,IMPHASH=518BBC26E9BA87459E80712401FEE077trueMicrosoft WindowsValid 734700x800000000000000076771Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.460{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\deviceassociation.dll10.0.14393.0 (rs1_release.160715-1616)Device Association Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdeviceassociation.dllMD5=68139108F7E1D4327BE76289E14C2159,SHA256=05436A7EE5EE877F3EA6B12604D41EFCE288F093AAEE03A906FB7C9A4A76DFDA,IMPHASH=CA757A840D91610BF593E8A2814EB9B3trueMicrosoft WindowsValid 734700x800000000000000076770Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.460{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Devices.Enumeration.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.Devices.EnumerationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Devices.Enumeration.dllMD5=4C62915A0F4A5D426D857C5DEC342AE9,SHA256=371A5B33833D0433F525EF0A0E61B7EFE5F91142F814241AB291C178B055BCB3,IMPHASH=19CB1EC42DBF9C106DE4DE251E31017EtrueMicrosoft WindowsValid 734700x800000000000000076769Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.460{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\facecredentialprovider.dll10.0.14393.4169 (rs1_release.210107-1130)Face Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationFaceCredentialProvider.dllMD5=75568151502F3012E5A0B28D53517B21,SHA256=6CD897692F27AF5291034213CFA48CF0A0517C33A5A23ED270F12DDE98FB32D9,IMPHASH=A57735F3674892C8A813AC842EA6CFAFtrueMicrosoft WindowsValid 734700x800000000000000076768Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.460{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\cngcredui.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft CNG CredUI ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationcngcredui.dllMD5=FE84C1709B761FFCFA7F4340FA451A65,SHA256=329D2D141C9C0ECC68C12E8B68D0413C396F47C83C85621A410773D8BB1A494C,IMPHASH=9AEED300060E76958D7D2ED9F8BF8EDFtrueMicrosoft WindowsValid 734700x800000000000000076767Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.460{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\credprovs.dll10.0.14393.4169 (rs1_release.210107-1130)Credential ProvidersMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovs.dllMD5=913EF3B2F5DF7C749774F6FF3B054C11,SHA256=4E3F665593865080E37EA4F3108102FD222C2DECE3841F178EAF29A9CCB59C2C,IMPHASH=4D8C135A6C32D5E52CB9D0ED6F5E66D4trueMicrosoft WindowsValid 734700x800000000000000076766Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.445{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\credprovslegacy.dll10.0.14393.4169 (rs1_release.210107-1130)Credential Providers LegacyMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovslegacy.dllMD5=C54FE5EE50B5B797FFCFCC1B00A0076C,SHA256=2676BC00EB97E8BC4F3052EF09106DA33FA33CECC66D179164B3B2FE9DEFD9F6,IMPHASH=350AE9643284403B93B04574B73914E7trueMicrosoft WindowsValid 734700x800000000000000076765Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.445{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\threadpoolwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows WinRT ThreadpoolMicrosoft® Windows® Operating SystemMicrosoft Corporationthreadpoolwinrt.dllMD5=4D271D6FA08E19B78A99F948FB012F44,SHA256=92D9A5BC0F95FDE6BA83D17925122815BDF3803D949112852C3D97CFBA16D219,IMPHASH=0E03F54121A53AD6BC839C0721A3CECCtrueMicrosoft WindowsValid 734700x800000000000000076764Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.428{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\SmartcardCredentialProvider.dll10.0.14393.2248 (rs1_release.180427-1804)Windows Smartcard Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationSmartcardCredentialProvider.dllMD5=89F3FE0276D7A31BA02AC3366F964FEE,SHA256=EE1AC8484F240304375600A1B95B64670D660EEC8E3D9F49D7782505D38E28B2,IMPHASH=634A0E8BBEC2A27265F521A876EDBBDAtrueMicrosoft WindowsValid 734700x800000000000000076763Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.428{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000076762Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.428{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\samcli.dll10.0.14393.0 (rs1_release.160715-1616)Security Accounts Manager Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMCLI.DLLMD5=AEF1161232D111EEA93F64B203F131AE,SHA256=C1DA3DF389A414AAA26FEEEA28F35AAC202CE3A5CC3AF26B7C0C14EBBC2157F9,IMPHASH=D27BDFF964B5FDB8A5E9B0599333826BtrueMicrosoft WindowsValid 734700x800000000000000076761Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.428{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\credprovhost.dll10.0.14393.4402 (rs1_release.210426-1725)Credential Provider Framework HostMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovhost.dllMD5=D64A4C4E4CDB8DD6128D4EFAC4118353,SHA256=A503771EBD077D5C5C2EFF2499E074A8B05099A59D68E7668F403EB6DC4A902A,IMPHASH=2B8D4C5C44B72C4C63973FFAB9046281trueMicrosoft WindowsValid 734700x800000000000000076760Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.428{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\CredProvDataModel.dll10.0.14393.4169 (rs1_release.210107-1130)Cred Prov Data ModelMicrosoft® Windows® Operating SystemMicrosoft CorporationCredProvDataModel.dllMD5=6B8B71ABE125771FEE8A44D0F941CEF3,SHA256=1C7C0865C8BD4CD12867432AC71144923344F596EFA2D7C42DD9EF37F508F519,IMPHASH=E95B43892FF230687F925F53516FD6F3trueMicrosoft WindowsValid 734700x800000000000000076759Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.374{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6E,IMPHASH=9651C547656809410E78B358203C1A1DtrueMicrosoft WindowsValid 10341000x800000000000000076758Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.390{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076757Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.390{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076756Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.390{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076755Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.357{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\directmanipulation.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Direct Manipulation ComponentMicrosoft® Windows® Operating SystemMicrosoft Corporationdirectmanipulation.dllMD5=EA7CE188E0D1E66C361C8B87304EACDE,SHA256=9ADCA2B7554173A0FD8833F65935C151B09A5D790F46E9EC4EE25E9622F1159A,IMPHASH=D9F27AFFC8B05CE56A2B9B9CD5B4C9B5trueMicrosoft WindowsValid 734700x800000000000000076754Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.357{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Internal.UI.Logon.ProxyStub.dll10.0.14393.2339 (rs1_release_inmarket.180611-1502)Logon User Experience Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Internal.UI.Logon.ProxyStub.dllMD5=BA676D9CAC156F110C3E109367BC3E0C,SHA256=1B4D4D75C4E651BDC6077679581B5246667A2E63171FEB9B8566B1A638683D79,IMPHASH=652A046C44C4B1CC212802D3079219D4trueMicrosoft WindowsValid 734700x800000000000000076753Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.341{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\FontGlyphAnimator.dll10.0.14393.4169 (rs1_release.210107-1130)Font Glyph AnimatorMicrosoft® Windows® Operating SystemMicrosoft CorporationFontGlyphAnimator.dllMD5=3179BAF869C1815F2A39438DD5EFD620,SHA256=7A89DD1B6F0DCF16AF14A03EA04718DAAD8FE01E97C61933BD81E6371251AA31,IMPHASH=50CFAE7BE5DDFAF9B3957BA4D337BEADtrueMicrosoft WindowsValid 734700x800000000000000076752Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.326{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Globalization.dll10.0.14393.4467 (rs1_release.210604-1844)Windows GlobalizationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Globalization.dllMD5=4D2537567A93ABF1D93CB7A7E76F954C,SHA256=5740181B56927C0DC66A6BCECA15EA2806A0ED471A01F785AD47C8C73A1DF85F,IMPHASH=0280A5811869EFED56B453A140477D51trueMicrosoft WindowsValid 734700x800000000000000076751Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.326{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\DWrite.dll10.0.14393.4225 (rs1_release.210127-1811)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=BB0ECCB8A72B5926A58433666145D459,SHA256=9C082B0EF00A6E174062634F0421B1179D27BC9077A5C0B1FEB2AA74DBAC2E68,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 23542300x800000000000000076750Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.326{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E07E990F46761DCEAD832FE8423A65AA,SHA256=7E57AF7300E69B9DC81012397AFC52694E634EB27030BC24C77B8575F79B5781,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076749Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.288{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=E15A420D82314AF63973D7D0AB3BA2DD,SHA256=C264B2FA1F3E67E558E2671807C06270926EF456F4FF83F1F9859B18184F187E,IMPHASH=5F8C6AF7D0781F35A516AEB072DAD045trueMicrosoft WindowsValid 734700x800000000000000076748Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.288{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=B69F0419A16A616FE2D779EC98CD7FB9,SHA256=2D10B43F2137433E48A009227487C691E312D186691485D33B4FDF90D8423C9D,IMPHASH=E32C7474360C94A9FE5E17141A4AB35FtrueMicrosoft WindowsValid 734700x800000000000000076747Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.288{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2,IMPHASH=460DAE5CA92CB705C37D78BE630D6120trueMicrosoft WindowsValid 734700x800000000000000076746Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.288{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=8FD5FEFE4E020BBC2D95F07BCDC84F71,SHA256=E5E351822CCDEBF81C47C4CA1D5C158E2880C1BD29CA024D163FD9316F3046AE,IMPHASH=E494F732179E765F2CE18BC21CDB1948trueMicrosoft WindowsValid 734700x800000000000000076745Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.288{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223,IMPHASH=83736A76214A92F5C1B53248D0C22863trueMicrosoft WindowsValid 734700x800000000000000076744Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.273{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19,IMPHASH=52DACB9FFE8B422785C607A5B88982C7trueMicrosoft WindowsValid 734700x800000000000000076743Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.257{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x800000000000000076742Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.257{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Immersive.dll10.0.14393.4283 (rs1_release.210303-1802)WINDOWS.UI.IMMERSIVEMicrosoft® Windows® Operating SystemMicrosoft CorporationWINDOWS.UI.IMMERSIVE.dllMD5=4331AC493E264AF1378E0082194D07A5,SHA256=81B8E123110B9C7A34957B9176791AD86EA874315D4555FDC85CF20975E08D99,IMPHASH=C0750252600F63F4BA1D73794E8FE8C0trueMicrosoft WindowsValid 734700x800000000000000076741Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.257{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\CoreMessaging.dll10.0.14393.3930Microsoft CoreMessaging DllMicrosoft® Windows® Operating SystemMicrosoft CorporationCoreMessaging.dllMD5=3D9D2F367587B2E93F2868F52D4ACBDD,SHA256=B4B27A7D4B9B685B6015D090B6A3E0E578AFBDE8D6C06A8F2E606A439D5A4BA4,IMPHASH=92CA7117B99353AC45978E95EEB5A46DtrueMicrosoft WindowsValid 734700x800000000000000076740Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.257{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Xaml.dll10.0.14393.4470 (rs1_release_inmarket.210704-1611)Windows.UI.Xaml dllMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.Xaml.dllMD5=6F79837DE63E915AAE0672450E93FB5A,SHA256=2169B1FAEF092332F4B72F142E2FECC8554A0E2756715711F5E15431784A5261,IMPHASH=B872FEAB4926DE1D74C3DF5AC4E62C2CtrueMicrosoft WindowsValid 734700x800000000000000076739Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.241{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000076738Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.241{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\BCP47Langs.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)BCP47 Language ClassesMicrosoft® Windows® Operating SystemMicrosoft CorporationBCP47Lang.dllMD5=F688C2B9DD2EB56C3B0312B6380338AA,SHA256=B22DB210486D3B5F4EEB17900C5E7AA0EEFEDBB068A0C4858EFE9F8018C34628,IMPHASH=31EA1856BC7597303D8126028BBFDFB8trueMicrosoft WindowsValid 734700x800000000000000076737Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.241{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Runtime UI Foundation DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.dllMD5=FEC31833E8D13591BAECE59B8E39F53C,SHA256=424BAEA0DC8EF34305A881F9B36F22E8CFECA403A0D03B61782D69535387A401,IMPHASH=B073DE28C43175420FE754415439CCEAtrueMicrosoft WindowsValid 734700x800000000000000076736Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.241{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\MrmCoreR.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows MRMMicrosoft® Windows® Operating SystemMicrosoft CorporationMrmCore.dllMD5=D730B5700BEB4A7E6E4244684356739C,SHA256=26083BEB490E48F5711D69A0E597B7A4CC6FB4B31EDCD535A0FF0DFBE4E6F8DD,IMPHASH=462A9FA6F44F25C68798F197AC8EC9D9trueMicrosoft WindowsValid 734700x800000000000000076735Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.173{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\MMDevAPI.dll10.0.14393.4169 (rs1_release.210107-1130)MMDevice APIMicrosoft® Windows® Operating SystemMicrosoft CorporationMMDevAPI.DllMD5=CF179D8A655703FDD273891432EBF588,SHA256=722863E48713AEDC9E7EA95C181CAAA389B147BCE51A7E815F0D4189AF92B6E8,IMPHASH=A9DFEC2D392C78A08CC45D2B95165EEAtrueMicrosoft WindowsValid 734700x800000000000000076734Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.226{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\wincorlib.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows ® WinRT core libraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwincorlib.DLLMD5=F08F4542548A5CD4F521491164598021,SHA256=D60844E5A091DD42CB1BC03CA76B8BBAF55C5B1A9EC3F1403AB241DDE36CA630,IMPHASH=7118E177B350BBAD51DE9533CF52B852trueMicrosoft WindowsValid 734700x800000000000000076733Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.157{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBF,IMPHASH=BB80FB0B79AB68B9AA174726B09C8CE9trueMicrosoft WindowsValid 734700x800000000000000076732Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.204{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Cred.dll10.0.14393.4169 (rs1_release.210107-1130)Credential Prompt User ExperienceMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.Cred.dllMD5=78EED0861A739C42B882A074C8C6EB66,SHA256=3BFDDC668D78212AACD74DE956A004582DBA1FBC9DDFB3B3FF9368F3FF16991A,IMPHASH=937A04AFF9E2F1B9DE53D1339BC71147trueMicrosoft WindowsValid 734700x800000000000000076731Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.204{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.XamlHost.dll10.0.14393.4169 (rs1_release.210107-1130)XAML HostMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.XamlHost.dllMD5=3EF300C64E57C482FEC2A62454CC45BC,SHA256=CED0EEE32D019EAF1BE70190B87FA9858054DEE20DE77EF0BDC67C2B8B0DD669,IMPHASH=76C7A23349305BC2F339502E1330DC92trueMicrosoft WindowsValid 734700x800000000000000076730Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.204{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\avrt.dll10.0.14393.2969 (rs1_release.190503-1820)Multimedia Realtime RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationavrt.dllMD5=8EC9E2490A9FFA637115F758B22FFF78,SHA256=1A3295CBF09E9367CCE68505D949D724FB9B66B4516770B7D594273C3BCFC5B8,IMPHASH=F266C00A61E480BB0A81B1A89DB30014trueMicrosoft WindowsValid 734700x800000000000000076729Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.204{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\WindowsCodecs.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Windows Codecs LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationWindowsCodecsMD5=B791899A46FD151559658F4F86C3C6F5,SHA256=E559B36A3CC2261C16916F2D49FA351DC4E21E5EC581AC43547ABA16F70CDA7E,IMPHASH=945C5ACF3D7F6243AD6374B1152227D8trueMicrosoft WindowsValid 734700x800000000000000076728Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.188{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.CredDialogController.dll10.0.14393.4169 (rs1_release.210107-1130)Credential UX Dialog ControllerMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.CredDialogController.dllMD5=914E180859851B8FF502A541C5EE5C1F,SHA256=4139824AE8D81F519CE57E46F7514D82A42BEBE8A3971B32666CF2A2AC8390F8,IMPHASH=36C915CDD5835C99A10F8B3C525E4356trueMicrosoft WindowsValid 734700x800000000000000076727Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.188{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\WinTypes.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=F26A1B9400B1B37D899B01DA8DE809F7,SHA256=F0AFDE11FE0C22D0A25CA4F5A07FEDDC6D3014902360566575E4AB5C164AB8E0,IMPHASH=58F905117CF0434AF54A7CD9D43EEF30trueMicrosoft WindowsValid 734700x800000000000000076726Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.173{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x800000000000000076725Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.173{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x800000000000000076724Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.173{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\AudioSes.dll10.0.14393.4169 (rs1_release.210107-1130)Audio SessionMicrosoft® Windows® Operating SystemMicrosoft CorporationAudioSes.DllMD5=4B97F920560452EC199062492055FF4C,SHA256=FF75E4970C94C270783461F9696829E3159E5254C818E3F86AE521018B1EF055,IMPHASH=18FC7797E056AFF42D40FF05B182DB5AtrueMicrosoft WindowsValid 734700x800000000000000076723Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.157{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000076722Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.157{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\wincredui.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Credential Manager User Internal InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationwincredui.dllMD5=27B7A3DDE710FEC067E7AADBB396FDCC,SHA256=BE73F24E4E7E5002A78784D60F82840B42FB2AAD593623D00535E0403B01EAED,IMPHASH=5BF8C42D151FC064CDF2E863454964AAtrueMicrosoft WindowsValid 734700x800000000000000076721Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.157{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\credui.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Credential Manager User InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationcredui.dllMD5=F3EA67955C81EDC0351A4E7418EEEAF4,SHA256=1DC9FF6C665A376789094BF59DCF125A7BE0280D798C74C0853AD1D808104F5D,IMPHASH=4559CD65117B2CEA951EAA739A2320C9trueMicrosoft WindowsValid 23542300x800000000000000076720Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.122{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C4E9DE74FDC107526BBE93B84F524B7,SHA256=9672051900DDA0F6732AED5362061DD5E39D142B3506B6AF8256AEE5D2884C0C,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076719Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.120{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=A049DEB5236AA8711D70001353902238,SHA256=729E2332F4E65A745FC905AD5F3F17A2C034DD15BE74DBEF7D028ED712BCA1D2,IMPHASH=6654CFB1ED505987ABEF47C5C0E0D98AtrueMicrosoft WindowsValid 734700x800000000000000076718Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.119{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 10341000x800000000000000076717Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.102{8057F119-08A1-60EC-1400-00000000DB01}10762196C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x100040C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+63c9|c:\windows\system32\cryptsvc.dll+62d1|c:\windows\system32\cryptsvc.dll+5e56|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076716Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.086{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\gpapi.dll10.0.14393.4467 (rs1_release.210604-1844)Group Policy Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationgpapi.dllMD5=96BBBC9AD606CF5EBAF525E3AB1C69A5,SHA256=32F0EA9185A6E1DE26E3276BAAB0FB5ED72940D34FE5FFDF5331D91E42794124,IMPHASH=54A7A105E11720BE50C587CF0CFA8828trueMicrosoft WindowsValid 734700x800000000000000076715Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.086{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000076714Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.086{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000076713Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.086{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000076712Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.086{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000076711Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.086{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=D8CD8451D1E194230F18866AD6EFE5E7,SHA256=9977AA1287962035C24DF806DDA67F09FFE9BDF696DBA507D749C624AE1C178D,IMPHASH=EC9695F0DF1F52E9D439A942DBDAA111trueMicrosoft WindowsValid 10341000x800000000000000076710Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.070{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076709Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.070{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076708Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.070{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076707Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.070{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000076706Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BAB,IMPHASH=AD7CEB919D43FA2BD394EC803EB6BCDAtrueMicrosoft WindowsValid 10341000x800000000000000076705Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}60609328C:\Windows\system32\consent.exe{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\system32\svchost.exe0x70C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\consent.exe+1452|C:\Windows\system32\consent.exe+3ca7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076704Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000076703Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000076702Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000076701Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000076700Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000076699Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000076698Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000076697Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 10341000x800000000000000076696Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076695Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076694Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\msutb.dll10.0.14393.953 (rs1_release_inmarket.170303-1614)MSUTB Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSUTB.DLLMD5=17CD28B5081E8C9D25228987EDD4E4F4,SHA256=7AA14D2F375CCB4A57053144BC826132938C66ADDB282C940F736F3C6E358DA5,IMPHASH=C2050C3A907779B8B143FA73DD6A1241trueMicrosoft WindowsValid 734700x800000000000000076693Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000076692Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000076691Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000076690Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000076689Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.055{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000076688Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\winsta.dll10.0.14393.0 (rs1_release.160715-1616)Winstation LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwinsta.dllMD5=12668CEFEE3754CFA61C5699821668B3,SHA256=D0C81619EDE8B846D98417989684EF16DF3A053CC049C7281E40F3359AD5B570,IMPHASH=2E790E44628AED89C2CC17E1E4A5CE1CtrueMicrosoft WindowsValid 734700x800000000000000076687Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\msimg32.dll10.0.14393.0 (rs1_release.160715-1616)GDIEXT Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationgdiextMD5=78DA58DF85F86CA61E5EAFB9EF0A83BE,SHA256=3216205F5C355D582EC4B902651B62E1FF3EFFDCA40BC849D474F13F1325E962,IMPHASH=2E671B0A6A313B7E8765124B944DA4FEtrueMicrosoft WindowsValid 734700x800000000000000076686Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 734700x800000000000000076685Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\MsCtfMonitor.dll10.0.14393.0 (rs1_release.160715-1616)MsCtfMonitor DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMsCtfMonitor.DLLMD5=81BC8DBCD544B8837BCBC5CAD0C9CA08,SHA256=C67286427B136D36F2785B3DF169B8D3E820ADCD1C836B69770439A9456A2E8E,IMPHASH=9B989CE38CE9C40F828E034B46B8E9F3trueMicrosoft WindowsValid 734700x800000000000000076684Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 734700x800000000000000076683Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000076682Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\wmsgapi.dll10.0.14393.0 (rs1_release.160715-1616)WinLogon IPC ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationWMsgAPI.DLLMD5=F057E6CFED6521141F9E2AA786FEBF9E,SHA256=FE15ADCBC8E9B129BC09FEC47A89A487F5D9E537DC05674C413A8D9D84860535,IMPHASH=0070F559678E041C453782364C13F0C2trueMicrosoft WindowsValid 734700x800000000000000076681Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\amsi.dll10.0.14393.4169 (rs1_release.210107-1130)Anti-Malware Scan InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationamsi.dllMD5=89C79675F7FEDEB6373C9D2045F7B7C5,SHA256=5B40293CF56D44377A91BF68CF2113F523B61185F02DEEAB621BE51F0ADA6131,IMPHASH=6FEE5278940E0EA644D3641165D77874trueMicrosoft WindowsValid 734700x800000000000000076680Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000076679Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000076678Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000076677Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000076676Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000076675Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000076674Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000076673Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000076672Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076671Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000076670Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000076669Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 10341000x800000000000000076668Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000076667Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000076666Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000076665Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076664Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.039{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\consent.exe10.0.14393.4169 (rs1_release.210107-1130)Consent UI for administrative applicationsMicrosoft® Windows® Operating SystemMicrosoft Corporationconsent.exeMD5=2D39786DACCF1721F552F3195E72766E,SHA256=D1FAD06A025FEBDD896A8B17182F31CCD4F92EBA8C696485FFF77C0823CFF723,IMPHASH=9E56AB88B9592E0AEB5042020D43259CtrueMicrosoft WindowsValid 10341000x800000000000000076663Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.023{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076662Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.023{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076661Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.023{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076660Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.023{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076659Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.023{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076658Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.023{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\appinfo.dll+2073|c:\windows\system32\appinfo.dll+2c4f|c:\windows\system32\appinfo.dll+4026|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076657Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.002{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\msi.dll5.0.14393.4350Windows InstallerWindows Installer - UnicodeMicrosoft Corporationmsi.dllMD5=DEC633243BDCEAD0E3BDDDAFBC933F02,SHA256=FC9AFA9CDD6ECC1194C1532F37AF6FEE9E888DC5D2056BCE0C59538A389FC9DE,IMPHASH=702DDC1509DE604C8D612A66E9E39DACtrueMicrosoft WindowsValid 734700x800000000000000076656Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.002{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\sfc.dll10.0.14393.0 (rs1_release.160715-1616)Windows File ProtectionMicrosoft® Windows® Operating SystemMicrosoft Corporationsfc.dllMD5=22BEEEDFF247B8F90252646C91E775E5,SHA256=10F0FF6F6F21CCC3343BCBCC9B5158A95EC328C1C21F3B9482C688848B89E1DD,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076655Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.002{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\acppage.dll10.0.14393.4169 (rs1_release.210107-1130)Compatibility Tab Shell Extension LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationacppage.dllMD5=A160D66CED8CFE5D47AA93EB23042BBD,SHA256=172A7CA4C3A65A7DE15797219B6CB29F867074C2E62874EFDFBE1F52970EA8E9,IMPHASH=FC3DD41461C2A75DF5F9BB15953B5B4FtrueMicrosoft WindowsValid 734700x800000000000000076654Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.002{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\synceng.dll10.0.14393.0 (rs1_release.160715-1616)Windows Briefcase EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationSYNCENG.DLLMD5=A683B60F1A5FAC27D1173F937403ED1B,SHA256=57450827A7F7D880F236F27A1D92654A3284842226539A26F311CFA736083571,IMPHASH=0A2DBAAA924DBD2D0A4335D1E0E9A7C9trueMicrosoft WindowsValid 734700x800000000000000076653Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.002{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\syncui.dll10.0.14393.2608 (rs1_release.181024-1742)Windows BriefcaseMicrosoft® Windows® Operating SystemMicrosoft CorporationSYNCUI.DLLMD5=D3CD7E690590A1AD564C832DFE1A1922,SHA256=F3CB2B362A0970B106D8B5F27F80D019931090D3ED579C72182163502BA212B7,IMPHASH=39745F2E08404A86C1D135E2AB69B2B1trueMicrosoft WindowsValid 23542300x800000000000000076848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.928{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C09527AC2FB1F3942EB788E8B99E1A8,SHA256=AD480A35009CFDFB03AF73CC8CFBB5EF90EAD32BEF88125E772CC6CF3CE3B901,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032760Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:35.803{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7906DBF91B5FF974F4B7D4CFCAEAD36A,SHA256=9A858EA073E84C2E3CD67397256C884647FCAF6792B4BDD7F8E210CA39259D7D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.660{8057F119-21BD-60EC-4407-00000000DB01}42449892C:\Windows\system32\sihost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\twinui.appcore.dll+684b|C:\Windows\System32\twinui.appcore.dll+756d|C:\Windows\system32\activationmanager.dll+b93d|C:\Windows\System32\twinui.appcore.dll+3df1|C:\Windows\SYSTEM32\twinapi.appcore.dll+2accd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.660{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|c:\windows\system32\bisrv.dll+1d9ff|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000076845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.644{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.644{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.644{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.644{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.644{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.644{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.644{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.644{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.644{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.644{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.644{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.644{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 354300x800000000000000076833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:34.309{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63415-false10.0.1.12-8000- 23542300x800000000000000076832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.044{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=02EB9AC6B06F4C91C6135985460E13F8,SHA256=5E1F85583B3F25CA4C9ABFC775FDAD842EB1002EFE81E87E8D3F3D4870AB874F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:35.044{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F84CEBC315F4F01142F0ECD72B7E95EF,SHA256=F5B1CFDB60BB6C87FFA14A59721454B0FA89B0484E7C886BBE0E919803FCFE5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:36.944{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADDD8054EE7C362AA8F2BCEAFD2B3532,SHA256=0B6F7FAD0AA89427D5AAC0281E5C4BF408B9783F212B1E852AF7F03EA8EFC1F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032761Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:36.819{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B2880B2C9E6B4CE4FFAC4AD8678429A,SHA256=DBBB3D2B39B9D22D2E76E235CB8CD7DBF5566C892278A7FC946F293EAC203DD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:37.958{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48DEA72C87C69E35DA2D071ABA7C0D2F,SHA256=7E3047CB5EC9EAD639E3EC3110EC977D1AFCBD8534D26D854522209307D78E85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032762Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:37.835{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1253AE77B0438E08F4D7A67CF8097743,SHA256=E76F6FB22B53CB59C2D78C290131E3B290118B2E35BA9DFD8C52DA1C0324D045,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:38.973{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BD5B92A37582461E63B26E242DFFF6B,SHA256=8EA2528763438601EF8F69E4DB5F604986403CFE03B556140A2E4B7F40A902BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032763Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:38.850{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37DC4EED367420E5CDA9CF9F7D370326,SHA256=D0AA1B878753B671FEF01F43DD2CF29E6594D861EABA252A9A68A2F9DA373D28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.988{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B79A224CB7C47E4D2BBB9C4DE90BCD3,SHA256=BDAF7A8A49ECEEA2EAD7C20495778C44C92551EE5098F0DFF568F45709052CE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032765Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:39.852{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE8BD70F86FE0DC33C538039D8DACA47,SHA256=5B83EB47ED7584B65B8995812E4AAF8D13EE166EA0851ABB37F5603DBB646908,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.405{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.405{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.405{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.405{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.405{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.405{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.405{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.405{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.405{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.405{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.405{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.405{8057F119-21BD-60EC-4407-00000000DB01}42449892C:\Windows\system32\sihost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.223{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.223{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.223{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.223{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.222{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:39.222{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 354300x800000000000000032764Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:37.388{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51608-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032766Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:40.866{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCF5A799414EA3C35866FA160A994DCF,SHA256=A3D6F241024746ECF9B1D4E7ECA2306B2F4E7B9CC1181C5E2AF50C974D09CA65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032767Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:41.897{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0183E2730BB972B261F7265C0CF0CFF,SHA256=BA843EE9FC0DA662B98C38146E7C331941D9930EF36821DB0FC26F1649551B3B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000076887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:40.255{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63416-false10.0.1.12-8000- 10341000x800000000000000076886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.188{8057F119-21BD-60EC-4307-00000000DB01}25566272C:\Windows\System32\RuntimeBroker.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+a1970|C:\Windows\System32\windows.storage.dll+59c7f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 10341000x800000000000000076885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.188{8057F119-21BD-60EC-4407-00000000DB01}42449892C:\Windows\system32\sihost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\twinui.appcore.dll+684b|C:\Windows\System32\twinui.appcore.dll+756d|C:\Windows\system32\activationmanager.dll+b93d|C:\Windows\System32\twinui.appcore.dll+3df1|C:\Windows\SYSTEM32\twinapi.appcore.dll+2accd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.188{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|c:\windows\system32\bisrv.dll+1d9ff|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000076883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.172{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.172{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.172{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.172{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.172{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.172{8057F119-08A1-60EC-0C00-00000000DB01}840208C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.172{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.172{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.172{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.172{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-300F-60EC-100A-00000000DB01}4940C:\Windows\system32\backgroundTaskHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.172{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000076872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.172{8057F119-08A1-60EC-0C00-00000000DB01}8402420C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 23542300x800000000000000076871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:41.021{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE7676A0C097023644085496BED07DC7,SHA256=5859DD949BB4D491B8A03BB93F16507B24F231FF8737D3AF74483C4059F7C0BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032768Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:42.944{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD81E2D2C90072A7BF42F2359B76812E,SHA256=59BD89C29A4936BB8319020A30807108547B8586099947C2154EE7DC7A3EE93F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:42.387{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:42.372{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:42.372{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:42.372{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:42.356{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:42.356{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:42.356{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:42.356{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000076888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:42.071{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C30344F4301F98AC7F08812C7016D93A,SHA256=2591A46F6A80EDA0A3ACC4DB79999A0D8354669DA527362A358F71A698B50A18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032769Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:43.991{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA0280019D5F3CE7E1EE9F2B0032801F,SHA256=8B00CB3F0770B0C7540BCA96D301BD174D377520A46FCDF0885102BF249CB882,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:43.087{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=197DB028EA8DE6B271A50879E552B9D6,SHA256=F2BE9DB6C129D0E5F2727D38A81AD9F201826C9E1563B2ACAC8E2076342161E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:44.371{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000076898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:44.102{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E68C5DF66DAF3F5E1AC2BE12C07E5E13,SHA256=EB5BAA87DDD305AEAD8385D4B635CA25081B160BC971135426C59552217C0ACD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032771Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:43.404{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51609-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032770Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:45.038{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00435876DB4F894E0CDF3CE815C29EF6,SHA256=AF6387C3189BCA685F2D17304CDA600BC9C27427AFDE75F45CADE9E689F8E94C,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000076948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.970{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000076947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.970{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000076946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.970{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000076945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000076944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000076943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000076942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000076941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000076940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000076939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000076938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000076937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000076936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000076935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000076934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000076933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000076932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000076931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000076930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.955{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000076929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000076928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000076927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000076926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000076925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000076924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000076923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000076922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000076921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000076920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000076919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000076918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000076917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000076916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000076915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000076914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000076912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000076910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000076909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000076907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.939{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.940{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000076900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:45.121{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EEF64578918939BA3CC872BB47383E7,SHA256=8EF01063BFFDB7F44F4E254BA53562A146CA0B4FD376058A7B55CBF882DFB21B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032772Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:46.288{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CE1ECCEEED49C0594C4E31510523D42,SHA256=0D70D81AF470B3E3BD0C655814AE03083CE52D655E9AB1AAEAFC194AD5B2CB18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.939{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8BF1EDC3094681B280DB15AC9D09EFDF,SHA256=62C298E9CD466978AB104FC05FCC028359168EA420E71925973906AF6143B293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.939{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=02EB9AC6B06F4C91C6135985460E13F8,SHA256=5E1F85583B3F25CA4C9ABFC775FDAD842EB1002EFE81E87E8D3F3D4870AB874F,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.786{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000077006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.786{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000077005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.786{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000077004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000077003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000077002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000077001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000077000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000076999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000076998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000076997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000076996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000076995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000076994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000076993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000076992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000076991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000076990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000076989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.554{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000076988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000076987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000076986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000076985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000076984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000076983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000076982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000076981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000076980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000076979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000076978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000076977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000076976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000076974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000076973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000076972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000076971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000076970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000076969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000076968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000076967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000076966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000076965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000076964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000076962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000076961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000076960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000076959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.542{8057F119-3056-60EC-1B0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000076952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.538{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33F33560504E8D8D7955810EB2553EE0,SHA256=44C429A5AB747D5E30FAF33F0BE455AA56E2682E33D10BD1F05EEED442B5A1F3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.201{8057F119-3055-60EC-1A0A-00000000DB01}94041748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000076950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.201{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000076949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.201{8057F119-3055-60EC-1A0A-00000000DB01}9404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000032773Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:47.506{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF876BA41F018A8A55212FF29A055464,SHA256=1BF5DEB278E0A6FD4F8D5D7AEFC2C67628325098015F4E7698AAD787357F62E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000077063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:46.253{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63417-false10.0.1.12-8000- 734700x800000000000000077062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.508{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000077061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.507{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000077060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.506{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000077059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.270{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FB91BE3A4E347B27D5479502D2D47AA,SHA256=10AFCBE04909E2C23928CC74A82E5055A336E5A2A09482269414549E363878DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.201{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51EEF0B09C74BA32DE53493D7037E530,SHA256=10DB50041F972AA7DF4550D46F38EBC3C2C8A81BCF3F7FC15D814E4F6E5C1DC3,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.186{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000077056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.186{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000077055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.186{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000077054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.170{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000077053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.170{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000077052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.170{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000077051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.170{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000077050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.170{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000077049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000077048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000077047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000077046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000077042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000077040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000077038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000077036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000077035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000077034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000077032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000077031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000077030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000077029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000077027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000077026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000077025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000077024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000077023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000077022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000077021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000077016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.154{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:47.156{8057F119-3057-60EC-1C0A-00000000DB01}10116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032774Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:48.678{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=595A7AE28E2C9CDB29DDE29509BE950B,SHA256=9287A9AB962CB16FB97745484170502901B87309609F1AC6096DBDD5D675FB2F,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.819{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\System32\cmd.exeC:\Windows\System32\winbrand.dll10.0.14393.2515 (rs1_release_1.180830-1044)Windows Branding ResourcesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinbrand.dllMD5=CDA73668510FF0BA02967236A857CE7B,SHA256=24ADC4950116C2E3994450465B305D469B78F687EAADCBC167A8C4ECD4907306,IMPHASH=2C424150D7AE913E28B879B06042C9F2trueMicrosoft WindowsValid 734700x800000000000000077192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.819{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\System32\cmd.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 23542300x800000000000000077191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.817{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5320537905F46E3D278E7E17F4E7CD08,SHA256=6C0A8B0A79A1E6BBD822474AAFD2B067B6DE496994CD7E3212A2E8EBD07FF9A5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.814{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.798{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.798{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.781{8057F119-21BD-60EC-4B07-00000000DB01}58809920C:\Windows\Explorer.EXE{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+105f4|C:\Windows\Explorer.EXE+1e118|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.766{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 10341000x800000000000000077185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.766{8057F119-21BD-60EC-4B07-00000000DB01}58809920C:\Windows\Explorer.EXE{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.766{8057F119-21BD-60EC-4B07-00000000DB01}58809920C:\Windows\Explorer.EXE{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.766{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000077182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.766{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 23542300x800000000000000077181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.750{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25A58FA238CD60DA42FF14897F033F30,SHA256=A3F667ECEC1EC0901B4A8371BCA35ED0AF1C8D0BFCCB9C0A1BA623CB4D929114,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.750{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000077179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.750{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000077178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.750{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000077177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.750{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000077176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000077175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000077174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000077173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000077172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 10341000x800000000000000077171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000077168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000077167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}70728392C:\Windows\system32\conhost.exe{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000077165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x800000000000000077163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000077162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000077161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000077160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.734{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000077153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\ConhostV2.dll10.0.14393.4402 (rs1_release.210426-1725)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXEMD5=EBEFEF1FE2B0D6FF2595203DADE100C9,SHA256=70F4BB4198467DA8E2FD7AF475536B3F2FD1B3E56CEE7E376D0303C149C449F9,IMPHASH=49A59B06FE5B10F21E36B588430BFDB3trueMicrosoft WindowsValid 734700x800000000000000077151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000077150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000077149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-3058-60EC-200A-00000000DB01}7072C:\Windows\System32\conhost.exeC:\Windows\System32\conhost.exe10.0.14393.0 (rs1_release.160715-1616)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXEMD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0,IMPHASH=2C980A4DA7C717CC670CB9E1D2C4D733trueMicrosoft WindowsValid 10341000x800000000000000077145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-21B7-60EC-3B07-00000000DB01}55124040C:\Windows\system32\csrss.exe{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000077144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\System32\cmd.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\System32\cmd.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\System32\cmd.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37AtrueMicrosoft WindowsValid 10341000x800000000000000077140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.719{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\appinfo.dll+2073|c:\windows\system32\appinfo.dll+3c57|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.722{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" C:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3058-60EC-7B5C-870000000000}0x875c7b3HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding 734700x800000000000000077133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000077132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000077131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000077130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 734700x800000000000000077129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x800000000000000077128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000077122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000077121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.697{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000077120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.681{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.681{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.681{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.681{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000077116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.681{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.681{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.681{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.681{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164E,IMPHASH=1C99A7F1249FB0C7B924253B69E59F88trueMicrosoft WindowsValid 10341000x800000000000000077112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.681{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.681{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3058-60EC-1E0A-00000000DB01}10080C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.666{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.666{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000077107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000077106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000077105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 10341000x800000000000000077104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-08A1-60EC-1600-00000000DB01}12365984C:\Windows\system32\svchost.exe{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000077101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x800000000000000077100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000077098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000077093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000077092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.650{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000077091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.634{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.634{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.634{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.634{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x800000000000000077087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.634{8057F119-21B7-60EC-3B07-00000000DB01}55123720C:\Windows\system32\csrss.exe{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000077086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.634{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.634{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.634{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.634{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164E,IMPHASH=1C99A7F1249FB0C7B924253B69E59F88trueMicrosoft WindowsValid 10341000x800000000000000077082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.634{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.634{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3058-60EC-1D0A-00000000DB01}8732C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.619{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.619{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.619{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.619{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.597{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.597{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.597{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.597{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.597{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.597{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.496{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\UIAutomationCore.dll7.2.14393.4169 (rs1_release.210107-1130)Microsoft UI Automation CoreMicrosoft® Windows® Operating SystemMicrosoft CorporationUIAutomationCore.dllMD5=9B2DCFE11EEBDDC18A8F5964E04E64A0,SHA256=5CBC5B45B9EB5B4EF1360005CD675D20D7EE9FE588DA24543FF7C9ACB88317FF,IMPHASH=6691D3D33C2662107A11540A5A994674trueMicrosoft WindowsValid 10341000x800000000000000077069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.449{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.449{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000077067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.281{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CB8A3789AAD69CD92B71B5C1C013CEF,SHA256=1F9E3E5A4A1B48BEF47B8A11DCD391D992F4AFFC7F38456F5CA032439BCA21AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.165{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8BF1EDC3094681B280DB15AC9D09EFDF,SHA256=62C298E9CD466978AB104FC05FCC028359168EA420E71925973906AF6143B293,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.034{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30E,IMPHASH=8F811B713271A0FEFA798FB95D523A8BtrueMicrosoft WindowsValid 734700x800000000000000077064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:48.019{8057F119-304A-60EC-190A-00000000DB01}6060C:\Windows\System32\consent.exeC:\Windows\System32\edputil.dll10.0.14393.2608 (rs1_release.181024-1742)EDP utilMicrosoft® Windows® Operating SystemMicrosoft CorporationEDPUTIL.DLLMD5=75AC86B00CE4C64B02B105A55CA35628,SHA256=DB31A2345E3BB8DC79BFB4CC29615E3B8B7638AE80BFEC45FA57852669A592AE,IMPHASH=52045AC79DBE663F06AB7C9717524D40trueMicrosoft WindowsValid 23542300x800000000000000032775Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:49.694{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F0743BB048CE6442E6F22925B794B85,SHA256=8630409109F23B63D1ED1E08B85A24E5775B2B67B287059A9C6B6E96AC8B566A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.902{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000077301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.902{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000077300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.902{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000077299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.902{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000077298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.902{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000077297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.902{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000077296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.902{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000077295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.902{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000077294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000077293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000077292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000077291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000077287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000077286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000077285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000077281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000077280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000077279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000077278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000077276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000077275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000077274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000077272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000077271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000077270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000077269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000077268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000077267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000077266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000077261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.887{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.888{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000077254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.671{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B6416EA9A5CF12C6BCBFFD5DA8165DF8,SHA256=FD36F7E61C9D3F44AA74379AFA775FB0AD39F56B6BFBFC8B62100658B4589307,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.671{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=18090F3567D3D893534D18E360CB4E64,SHA256=D37B5D0A228A1ABAC9C1C4DF6854B8EEB83D559AED69A8BB8DBC81B5C26EA42A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.671{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B4B11787FA8AD58EC68D1FD65F711BE,SHA256=D04347E836A153E8D4FEBF62A30211ECC056FB4ECED4FF88036B0393CDF1353F,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.623{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000077250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.622{8057F119-3059-60EC-210A-00000000DB01}96208736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.622{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000077248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.621{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000077247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.613{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AF073DE2C9160969FBC390F75606556E,SHA256=BF5EF6D0DA894F6D4E4C5487DAA0B8A2BD538FB66DFE7858B80C36FFDCAEA60E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.572{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1549f7|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000077245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.572{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+154962|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000077244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.572{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f 10341000x800000000000000077243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.571{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 23542300x800000000000000077242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.571{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF9b3fd5.TMPMD5=D02E65C42AD32F3ABC147AE7AB968251,SHA256=E8818DF00616D25228108A1EFC74316126A1FE625A120883CCA21C9468504286,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.413{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000077240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.397{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000077239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.397{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000077238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.397{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000077237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.397{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000077236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.397{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000077235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.397{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000077234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.397{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000077233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.397{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000077232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.397{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000077231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.397{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000077230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.397{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000077227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000077224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000077223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000077220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000077219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000077218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000077216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000077215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000077214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000077212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000077211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000077210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000077209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000077208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000077207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000077206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000077201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.382{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.384{8057F119-3059-60EC-210A-00000000DB01}9620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000077194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.282{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCF6768B2F3CC60DA10F9E294F5814B6,SHA256=EF5E19DA0FAC40D110A544CF3C36A10B4283B32AD08E6FC9CCBBF85C295E8B89,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032777Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:48.466{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51610-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032776Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:50.710{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21D2F4E61917755144B94500B5CE1108,SHA256=C7048781A28B2EEAC772A4E94080DC3D5DE833701A58DE510D7A57C566BD9DCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077426Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.803{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15E713E52D4AA3276E307BFD58192CEB,SHA256=5E3026CDC9FA0B20FA176FEE97B065B4063C5E04A70F86E99FFAC106075EC9A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077425Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.803{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=97C08B35411D77EDEABBC0AEB66FD40E,SHA256=F1CE527D10EBF7646D79F522FB4894935A5B4A9B6D3988307957B971514021C8,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077424Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.771{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000077423Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.771{8057F119-305A-60EC-230A-00000000DB01}6448308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077422Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.771{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000077421Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.771{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000077420Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.587{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000077419Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.571{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000077418Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.571{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000077417Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.571{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000077416Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.571{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000077415Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.571{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000077414Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.571{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000077413Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.571{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000077412Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000077411Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000077410Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000077409Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077408Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077407Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000077406Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000077405Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077404Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077403Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000077402Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077401Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077400Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000077399Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000077398Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000077397Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000077396Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000077394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000077393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000077392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000077390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000077389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000077388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000077387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000077386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000077385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000077381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000077379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.555{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.556{8057F119-305A-60EC-230A-00000000DB01}644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000077373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.502{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.118{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000077305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.118{8057F119-3059-60EC-220A-00000000DB01}91325768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.118{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000077303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:50.118{8057F119-3059-60EC-220A-00000000DB01}9132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000032778Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:51.741{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD4A80DE05DBB8B0223DCFBEBBEDF66F,SHA256=3C9B1FC451150A1A6CF38514B60A538D3E1E2FDB1306125958100D99001E697D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000077430Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.891{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63418-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000077429Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:49.891{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63418-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 23542300x800000000000000077428Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:51.518{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09A92E5F12A231AB05C239ED90BDF26A,SHA256=BC4E9992D7BDEFBFB8E216BE6C6BC12F870CD8A662D1D726C2B048DEB1FB9946,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077427Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:51.040{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D6A9DAFAF57D4AAC54EFA749271A9FF,SHA256=ED822B04DAA0AC709122842C2216D92D67D78D83550BE14E9CB2E1C644B9CA4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032779Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:52.803{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E247423ABD49DF490C9C7F67704AE352,SHA256=0F852F8B27054BBFBFE82B4A2AE775CB80AAB162E25D9E5154331EF1766E26DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077431Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:52.518{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E85D9437456784A71BB8492A011CB8B1,SHA256=44527FE7F11DD115FCCC321F48BA910CC03613A8A6070BD401F54457AB5EA79C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032780Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:53.807{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE4A855CE1DB0B76ED488F983BEE8EA4,SHA256=5EE3E7715A383610BD179258C96BFFB0D597A355A1613F1C68628D686656E31A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077482Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.502{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000077481Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.502{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000077480Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.502{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000077479Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.202{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000077478Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.202{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000077477Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.202{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000077476Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.202{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000077475Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.202{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000077474Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.202{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000077473Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.202{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000077472Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000077471Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000077470Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000077469Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000077468Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000077467Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000077466Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000077465Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000077464Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000077463Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000077462Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077461Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000077460Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000077459Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000077458Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077457Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000077456Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000077455Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000077454Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000077453Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.187{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000077452Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000077451Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077450Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077449Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000077448Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000077447Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077446Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077445Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077444Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000077443Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077442Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 10341000x800000000000000077441Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077440Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077439Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000077438Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077437Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077436Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077435Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000077434Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077433Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.171{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077432Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:53.172{8057F119-305D-60EC-240A-00000000DB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032781Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:54.807{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3031E17B95CB7766837A897F37D2D82D,SHA256=A1D281F3B4133E7CD5A04303460B7E2342A28F04EBA6ABA62E137331B86D30AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077485Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:54.189{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4145FA63FC92E7C13DABA66BB80EE2E7,SHA256=694D1196EA78B24E3967F42B43EE900146191D7D6D15D880D55B3F453BBD65F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077484Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:54.036{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDFE184BB6DD5AED922494106C84D19E,SHA256=9F725598F7942F09034297F8EFD8317BF801CD0BADF3487C84F8DCFB55F45EFF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000077483Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:52.223{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63419-false10.0.1.12-8000- 23542300x800000000000000032782Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:55.854{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=720B151C8DE69E8EAB5A687DE4ECAF67,SHA256=90E3ACD591C7E8DC0DF4E4834DF78F50D6DCD6F2BB0E47AAF09211A1B3E3E60F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077487Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:55.940{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000077486Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:55.020{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1C4BC2F326FEDF1CC521830EF89CE4C,SHA256=83D06F460EAFAB13B2C05EC516CD4759A4C000C1001B3BDD2DC0A2BCB487AE32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032783Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:56.885{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F33E9534E912B3477130569560AE5CBE,SHA256=7EB61DEF63F7A25D7E2D16C0EBE93E1630C1098B3747B0D7C1D2A3CB185B8583,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077488Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:56.037{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE59E984B0C2A16F24B14B5223400DBA,SHA256=0670547C83AF9FFD1D356C0B23968A8CC7AA6B70AF330DCFC6FDA13563CF4E96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032785Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:57.916{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=763618931B70AE9F2D0066932D212583,SHA256=E063A3FB4FA711195B9E9540DF44EE735F97CDABCB22C188300AEDDD6CE1BE24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077489Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:57.055{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=222EF18EA6EF2929075DEB8D177F29A8,SHA256=B4F1B63EF073D232E8BF5D232EEEA2D0AC5D0BAC44399F06CAEC3DF356424C1A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032784Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:54.486{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51611-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000077491Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:57.322{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63420-false10.0.1.12-8000- 23542300x800000000000000077490Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:58.071{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA211A2932FC6D94E595E1BE34A0F073,SHA256=5093564D86E0416A8C09B5058AE998BFCFE2B6D6C8103FE4D77C2DA361B97D14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077492Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:06:59.085{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EDA9EB3AA74D65C9950256E99FA32D1,SHA256=B916A79BD9AFADFA7CC76FDD1D46ED6663A0309CA4051BBA250CA825BAB649A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032786Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:59.088{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA7F9C5398472F3BFC67CA0C7AC9AB59,SHA256=A6E76A0CFCEDA96A5E8DA3FA1C5669A90F298E8447B2D3F1539E244770D6BF8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077493Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:00.116{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AAFD446B98AED07188ADF33FB1DCE06,SHA256=E6707D45D91DF8B190CCA1BC34793C5BF09DF4E48FC3EF7488A1FBD7FE14640A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032787Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:00.104{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59B5A99B7F940C22C5C1F816739F6FE5,SHA256=3EDC734DC63CFBE0BB80251D6F6D884594476A3839E0B7CE272E71A6A0D8516C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032788Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:01.120{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96CFB67FF9064BAD4BEAC3DAE25B23E8,SHA256=5D4AC14653E64AC01F87E263A0D97CE5A4F09821BF6C0B4CFCAC4A2ADD0E7A3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077494Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:01.118{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D37C0FB5EA964755C9A360A9484FD83,SHA256=B2C6A5A458924428E3E2B8B78043E3F67C9C31680488EF9AEF4135C1F059223A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077495Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:02.118{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43FDAE2696B0DCD70383DC47235B99E9,SHA256=3018D17DC04ED8B544E004EDD08FA711AFA59C133C64A51D7C8973B1C71DD6E2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032790Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:06:59.549{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51612-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032789Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:02.135{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91163876ECE2AC28F066FDDD751D1475,SHA256=3C372C4424C2315149653B11A42424EFC63055AAFCF15F53BC2878A053AC1616,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077496Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:03.137{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F5B20DD052CA0E98A6C2136575DFACA,SHA256=E72AD5E348E26AAFD35A035637AD05C1F2D8D8096B3C9890485260CBF0B37594,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032792Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:03.166{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032791Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:03.151{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECBE4661C283906B4CC7E9ED068CDCE0,SHA256=FED42539E4B4EF25057F021387A9ED46CB50EAD088AB0B330EC1C10CAE5F4E02,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032794Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:02.501{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51613-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000032793Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:04.260{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=833309346E79EA50D1961078C072D374,SHA256=4A8C126DE8E430904315031DA6BBEA2AC29609D5E42632B7728145C94907A314,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077497Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:04.155{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C36ED59BC1A837F8DEDA75D74835EB04,SHA256=368D5615B1A4BA0D4FE26528CEFDC427503D45B5C3A53A86774643E9D4A88C75,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077502Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:05.418{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0,IMPHASH=60006258D4DE87B31BEDA805A8CC8040trueMicrosoft WindowsValid 734700x800000000000000077501Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:05.402{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\mydocs.dll10.0.14393.4169 (rs1_release.210107-1130)My Documents Folder UIMicrosoft® Windows® Operating SystemMicrosoft Corporationmydocs.dllMD5=999FD44CF5713852E6083A43A7917761,SHA256=D5C75951C29B7F0AAA4EC9E9AB3195933E650C1F171092F389FD4DB66CA1CA20,IMPHASH=D1267CC8F49B54A66A0034D2C4452E93trueMicrosoft WindowsValid 734700x800000000000000077500Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:05.402{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\sendmail.dll10.0.14393.4169 (rs1_release.210107-1130)Send MailMicrosoft® Windows® Operating SystemMicrosoft CorporationSENDMAIL.DLLMD5=04626525E567811FC7ECB3E31D94F8B0,SHA256=678A3A9DD713DC61F72112BD3160B8753F1A50D1179FDFABD265C32103980A6A,IMPHASH=52DBB027F849F4DB11CB3C2B56C0E9FBtrueMicrosoft WindowsValid 23542300x800000000000000077499Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:05.156{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D3ACCFEFAF07802E883514282D47EFA,SHA256=6ACCE41BEED70C3789D93D0BA4B1A604DB63FB13E344BE48A08A2311BFAB5B3C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000077498Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:03.353{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63421-false10.0.1.12-8000- 23542300x800000000000000032795Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:05.262{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EFD569347EBC33E21A939611044B3AA,SHA256=8061FB056487C64E40BB26F64C15157AEDE76706F7C30AA6F9E38D75B2BE5247,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032796Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:06.289{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24F4EC30D63DCA9F48A340E659B5B8D9,SHA256=0B530C148B77A67F35689652D149370B878498C47849F74F9FE1D195EFE6FD0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077503Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:06.170{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8308E0242C42A8471BA46819C59F23E,SHA256=9EA2FEE5989D37988B61C3AFD814BF9DB998DFEA922A0B29135F21A15C69BB41,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032798Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:05.531{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51614-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032797Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:07.323{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AC5648537828FFD5F950BBF4B87BB88,SHA256=80D47510AA361E9F0F0622A96983DF888C9CC98D836ACEEBC299F5D727C5E148,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077505Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:07.273{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000077504Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:07.172{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85327E869DD116573B6E9C5DADFFD35B,SHA256=75081FCF5673171AD836D2BD28132700B6303C9CFA304ED84F3F8A4472E20689,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032799Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:08.479{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5F2852B32B6BE30968B968E838FAF9C,SHA256=98DE0A3B8E209E8561B7578CA42D6BBFB3FBC5FA0DE4A8697C195F600FE7D141,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077506Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:08.172{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76546CC262A8C8210CAD2AE354063EB7,SHA256=B0572DFA873C60CF849B475106FF7716A5070801FD618C76A84DAA8A6CF10492,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032800Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:09.713{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3DF800B870E42B97ACF64F025D30F0E,SHA256=5D7827545852E76E0C1BD6137FBE8DAED3F2247C19DFA10FBB2BD326C7505EA5,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000077573Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:07:09.424{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\ConfigHashSHA256=6CB860173BB84A23AF5BD277EFC158888C79D09394E85CE599DA68D96DB29343 13241300x800000000000000077572Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:07:09.424{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\ConfigFileC:\Program Files\ansible\AttackRangeSysmon.xml 16341600x800000000000000077571Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local2021-07-12 12:07:09.424C:\Program Files\ansible\AttackRangeSysmon.xmlSHA256=6CB860173BB84A23AF5BD277EFC158888C79D09394E85CE599DA68D96DB29343 13241300x800000000000000077570Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:07:09.424{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\RulesBinary Data 13241300x800000000000000077569Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:07:09.424{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\DnsLookupBinary Data 13241300x800000000000000077568Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:07:09.424{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\CheckRevocationBinary Data 13241300x800000000000000077567Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:07:09.424{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\HashingAlgorithmDWORD (0x8000000e) 13241300x800000000000000077566Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:07:09.424{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\OptionsDWORD (0x00000007) 12241200x800000000000000077565Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-DeleteValue2021-07-12 12:07:09.424{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\Rules 12241200x800000000000000077564Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-DeleteValue2021-07-12 12:07:09.408{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\DnsLookup 12241200x800000000000000077563Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-DeleteValue2021-07-12 12:07:09.408{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\CheckRevocation 12241200x800000000000000077562Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-DeleteValue2021-07-12 12:07:09.408{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\HashingAlgorithm 12241200x800000000000000077561Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-DeleteValue2021-07-12 12:07:09.408{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\Options 734700x800000000000000077560Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.408{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x800000000000000077559Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.308{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\msxml6.dll6.30.14393.4467MSXML 6.0Microsoft XML Core ServicesMicrosoft CorporationMSXML6.dllMD5=ECF3F9FC612FED875FC8A10052F82CE3,SHA256=9A06876BCFF61CFBE46F80EC76A61E66D80D734607D9503B4162840DE2039F16,IMPHASH=A74F148CA887740D0E045C70ACC762EBtrueMicrosoft WindowsValid 734700x800000000000000077558Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.293{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000077557Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000077556Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.2457_none_a13eaee9d8fd5c07\comctl32.dll5.82 (rs1_release_inmarket.180822-1743)Common Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMCTL32.DLLMD5=C89866876D676708892DEEA04A886CDA,SHA256=6C498F9AFFC75DFAADDACB9D1D4248862622FB2B06F0A410BA303A26FEADFF2B,IMPHASH=49FE37530A5C395ADDDAFC2730B16DDDtrueMicrosoft WindowsValid 734700x800000000000000077555Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000077554Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000077553Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000077552Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000077551Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000077550Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000077549Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\mintdh.dll10.0.14393.0 (rs1_release.160715-1616)Event Trace Helper LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmintdh.dllMD5=32254E75260F1CAE3AB9EAC044B344B7,SHA256=B714E3CDEB23E63894D62E9335F51E301A9093F263623CCEFA2F674AABE7D629,IMPHASH=92D4FBE8F70FD95D329EA4882A8C3278trueMicrosoft WindowsValid 734700x800000000000000077548Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000077547Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000077546Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000077545Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000077544Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000077543Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000077542Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 734700x800000000000000077541Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000077540Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000077539Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\comdlg32.dll10.0.14393.4283 (rs1_release.210303-1802)Common Dialogs DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcomdlg32.dllMD5=0DB1A588A248E852AD781AE14333A5C6,SHA256=6F9C36C2663B90439A1AEE74855C521FCBBDB8C7B88382C9464906F1691F65F6,IMPHASH=06716A63D3E6F97CB489B0D6810B3519trueMicrosoft WindowsValid 734700x800000000000000077538Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.279{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\tdh.dll10.0.14393.4283 (rs1_release.210303-1802)Event Trace Helper LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationtdh.dllMD5=18D509F5788831270FCDA4D11E023E37,SHA256=08965C78D75432D1E1199E8162B3FB3FE11D89945B69BA48DE6F595FB280E52F,IMPHASH=E0A9B1840595F8507313FB797C5187E6trueMicrosoft WindowsValid 734700x800000000000000077537Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077536Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077535Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077534Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077533Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BAB,IMPHASH=AD7CEB919D43FA2BD394EC803EB6BCDAtrueMicrosoft WindowsValid 734700x800000000000000077532Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\mpr.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Multiple Provider Router DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmpr.dllMD5=0E56DB60C434D51769F2DAC48B9AA686,SHA256=3F9AED98B1B7F6A59C219F622FD91C7FD20BFE280935F5334920A02ECCAE7ED6,IMPHASH=46ADE2B067E724C7163A0B1902FEF225trueMicrosoft WindowsValid 734700x800000000000000077531Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077530Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077529Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000077528Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000077527Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077526Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000077525Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000077524Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077523Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000077522Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x800000000000000077521Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000077520Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000077519Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-3058-60EC-200A-00000000DB01}70728392C:\Windows\system32\conhost.exe{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077518Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077517Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077516Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077515Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Program Files\ansible\sysmon\Sysmon64.exe13.01System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-MD5=8A914CFB7496B8461285C009DD8F5627,SHA256=422EC998FED690C2EC3239A4BB80075F098A9A95CBDFFBC873365B9F7136A02A,IMPHASH=DCF866F4139DD7FF6C0A5D4FA050CD7AtrueMicrosoft CorporationValid 10341000x800000000000000077514Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077513Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077512Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077511Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.261{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077510Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.246{8057F119-21B7-60EC-3B07-00000000DB01}55123720C:\Windows\system32\csrss.exe{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077509Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.246{8057F119-3058-60EC-1F0A-00000000DB01}57762460C:\Windows\system32\cmd.exe{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077508Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.191{8057F119-306D-60EC-250A-00000000DB01}9724C:\Program Files\ansible\sysmon\Sysmon64.exe13.01System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-Sysmon64.exe -c "C:\Program Files\ansible\AttackRangeSysmon.xml"C:\Program Files\ansible\sysmon\ATTACKRANGE\Administrator{8057F119-3058-60EC-7B5C-870000000000}0x875c7b3HighMD5=8A914CFB7496B8461285C009DD8F5627,SHA256=422EC998FED690C2EC3239A4BB80075F098A9A95CBDFFBC873365B9F7136A02A,IMPHASH=DCF866F4139DD7FF6C0A5D4FA050CD7A{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" 23542300x800000000000000077507Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.187{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24679C78E4FDA5F5B210F637FE4303E3,SHA256=ECE56EB46EDC9B180FF7CB23211CC2EE7C9F43D4E8F32591E0426852AD2ED4AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032801Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:10.948{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=048EE47B5009CAE41F0871FE5EA1CB42,SHA256=E13D1E599429511109AD54352F65CB099A8242CC45096FEEC4E04552F6DDF4C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077576Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:10.677{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=951D602C2ABB36F5F6BB7B301DDA9D24,SHA256=1A9467C93B078753A9626A5FB2066A21717D08B1ECDF2ACE4C00C6EC03451282,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077575Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:10.209{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=96737777AF146DDEBF87004110EFEB6E,SHA256=EC770C93EFDC7E9B16C6BF83AA3EFD86B5996B8038F26AC019C6746D39B17A18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077574Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:10.209{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=04056AFFB5E86DEBECECC1D4BBC37B89,SHA256=D1617641E22C2827EB6100C42ECD4F08EE8DA60C19F5631E195239B1A2368390,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077578Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:11.243{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62A787CD361AFF09D44674C8A9BA0EE4,SHA256=CF287659402F5EB8C50CC217C16AD491CBE39EAA1E2F3D460CB945687F15B65A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000077577Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:09.255{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63422-false10.0.1.12-8000- 23542300x800000000000000077579Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:12.276{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=621E060D366DD6910936C051E3BC0A19,SHA256=F38A0B229C764991EB9E2A96CE489F38CE129B48B7FE494CE832CD31DAC77B72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032802Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:12.182{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C539866118B3C83DAE9EBD1B0046824,SHA256=CD6C448CD0105CD0B542714F0C64D2CCB9CCA472E1EBDAB07040F23A943D3451,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077584Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:13.738{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077583Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:13.644{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0,IMPHASH=60006258D4DE87B31BEDA805A8CC8040trueMicrosoft WindowsValid 734700x800000000000000077582Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:13.617{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\mydocs.dll10.0.14393.4169 (rs1_release.210107-1130)My Documents Folder UIMicrosoft® Windows® Operating SystemMicrosoft Corporationmydocs.dllMD5=999FD44CF5713852E6083A43A7917761,SHA256=D5C75951C29B7F0AAA4EC9E9AB3195933E650C1F171092F389FD4DB66CA1CA20,IMPHASH=D1267CC8F49B54A66A0034D2C4452E93trueMicrosoft WindowsValid 734700x800000000000000077581Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:13.617{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\sendmail.dll10.0.14393.4169 (rs1_release.210107-1130)Send MailMicrosoft® Windows® Operating SystemMicrosoft CorporationSENDMAIL.DLLMD5=04626525E567811FC7ECB3E31D94F8B0,SHA256=678A3A9DD713DC61F72112BD3160B8753F1A50D1179FDFABD265C32103980A6A,IMPHASH=52DBB027F849F4DB11CB3C2B56C0E9FBtrueMicrosoft WindowsValid 23542300x800000000000000077580Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:13.291{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56C338039726C887CFFDDCA649527167,SHA256=74DA72A904F0EDD9C9B8AA9D1A6C468C6C4DE6DEC18BFD0288DD98283CE54571,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032804Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:11.564{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51615-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032803Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:13.260{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A70CA792C17926D26F186672D1C686A5,SHA256=8A8672C2B017CB301156FD82C6DAA7F0541AA0E70BB1E6B1370BF8748EDD7979,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032805Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:14.272{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E872ACDE9CD8D393E519FC8D185D989E,SHA256=FB2159CFD397AF895A1E668F99A7072ECC6BDC76963DFA0BE1506A49EB30560A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077758Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.906{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=892114BB5EC652429A169520463B99BD,SHA256=AFF2A734D7040B5908CD127A00D6A6256650E1DCB57619C460D55EBCAF59C1D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077757Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.859{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F54FC52FFB6CD281824EF5E5A794B0D,SHA256=4FA2124028BC31CEFDD465A6B2FD90406932AAC41D11549AAE4B0439CAE2991D,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077756Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.806{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\ninput.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft Pen and Touch Input ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationNINPUT.DLLMD5=BF084D22F7064E686F9BBAC541C680B5,SHA256=ED2E99746A98BAB14B5B565E5D3F092143AA2D8BD0CBD08FE047B64AEF5EF440,IMPHASH=ADED91AA394AD8A3D54B5A54F35771D4trueMicrosoft WindowsValid 734700x800000000000000077755Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.806{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\globinputhost.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows Globalization Extension API for InputMicrosoft® Windows® Operating SystemMicrosoft Corporationglobinputhost.dllMD5=B92070EB12AF4C292155EBB155A0B6C3,SHA256=F155CFD56DC7199F16377259C55C0E8A26662A81588264F01D0E1F1387721DDC,IMPHASH=AB0E9B104017117F7BE18F3C6AAC279AtrueMicrosoft WindowsValid 734700x800000000000000077754Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.806{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\msftedit.dll10.0.14393.4169 (rs1_release.210107-1130)Rich Text Edit Control, v8.5Microsoft® Windows® Operating SystemMicrosoft CorporationMsftEdit.DLLMD5=0278F6675C79A2013494CDDDCFD6C7B3,SHA256=14F536EB288788586C90DE568BAB6C113D3F4CCD0EE732A17D438A23B225720A,IMPHASH=7C36F76BEB38B735155D539BEBF60532trueMicrosoft WindowsValid 10341000x800000000000000077753Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.775{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077752Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.775{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077751Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.775{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077750Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.775{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077749Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.775{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077748Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.775{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077747Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.775{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077746Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077745Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077744Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\wlidres.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft® Windows Live ID ResourceMicrosoft® Windows® Operating SystemMicrosoft CorporationWlidRes.dllMD5=924564C6374F361B38AF73212C520FC0,SHA256=91FEB10B955D69A7B758EFC53C7E51A1EDE9B875F823DC41B04356CA62133D77,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000077743Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077742Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077741Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\WinSCard.dll10.0.14393.2273 (rs1_release_1.180427-1811)Microsoft Smart Card APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwinscard.dllMD5=85E2B5FCB057B0476687CCFE28E589A5,SHA256=4B99A7709FAC8E9CF95AA186651BE455C0998414E2D2D807DF1B000EB26FBD15,IMPHASH=8E9831D203C36A499228D7F02C6B90D8trueMicrosoft WindowsValid 10341000x800000000000000077740Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077739Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077738Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077737Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077736Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077735Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077734Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077733Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077732Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077731Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\mfplat.dll10.0.14393.4169 (rs1_release.210107-1130)Media Foundation Platform DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfplat.dllMD5=6B3DD2386B60D0003B3A0A1AE706A9C5,SHA256=2DF94FA3C88D5D8AB5A981C0182263B5D8161CE0F96687D2DF7892EB4F25104C,IMPHASH=4B0B41F559164385A004BCC689586F63trueMicrosoft WindowsValid 10341000x800000000000000077730Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.759{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077729Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\RTWorkQ.dll10.0.14393.479 (rs1_release.161110-2025)Realtime WorkQueue DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationRTWorkQ.dllMD5=1EABA23A7305A232C9A16C14806ED091,SHA256=3AD1A84A56EE0DA68B40D40770787FEED3DCF4A74BE172F01BD837FD680396E6,IMPHASH=41E263D9EB0100A59E34B18CF8F6F725trueMicrosoft WindowsValid 734700x800000000000000077728Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\mfsensorgroup.dll10.0.14393.4169 (rs1_release.210107-1130)Media Foundation Sensor Group DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfsensorgroup.dllMD5=7CB78A0BF4D6AEA6A4C367DFC7645CD0,SHA256=5504F29CAE19AF9A98D65508A350F518AEA1C66235029B1881CA765146E92D99,IMPHASH=86C22AEFE3E4067CC0F34A1D80C38807trueMicrosoft WindowsValid 734700x800000000000000077727Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Media.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Media Runtime DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Media.dllMD5=D99A463FD833B801A943698AC8AF81EB,SHA256=224405AC2CEFCFBB5E2AE3D98E9A5895BB2C39C128759E2FBCC3E84335E4E6D9,IMPHASH=88691B5201F0FCC6E05D2593797A195AtrueMicrosoft WindowsValid 734700x800000000000000077726Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6E,IMPHASH=9651C547656809410E78B358203C1A1DtrueMicrosoft WindowsValid 10341000x800000000000000077725Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077724Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077723Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\directmanipulation.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Direct Manipulation ComponentMicrosoft® Windows® Operating SystemMicrosoft Corporationdirectmanipulation.dllMD5=EA7CE188E0D1E66C361C8B87304EACDE,SHA256=9ADCA2B7554173A0FD8833F65935C151B09A5D790F46E9EC4EE25E9622F1159A,IMPHASH=D9F27AFFC8B05CE56A2B9B9CD5B4C9B5trueMicrosoft WindowsValid 10341000x800000000000000077722Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077721Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077720Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\threadpoolwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows WinRT ThreadpoolMicrosoft® Windows® Operating SystemMicrosoft Corporationthreadpoolwinrt.dllMD5=4D271D6FA08E19B78A99F948FB012F44,SHA256=92D9A5BC0F95FDE6BA83D17925122815BDF3803D949112852C3D97CFBA16D219,IMPHASH=0E03F54121A53AD6BC839C0721A3CECCtrueMicrosoft WindowsValid 10341000x800000000000000077719Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077718Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077717Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077716Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.744{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\DevDispItemProvider.dll10.0.14393.0 (rs1_release.160715-1616)DeviceItem inproc devquery subsystemMicrosoft® Windows® Operating SystemMicrosoft CorporationDevDispItemProvider.dllMD5=CCDEFAE1F31F9F9AED64686A143D3D0A,SHA256=CF96EB0C3422628398D218152A729221C0F5D09F287E083AE88ECD77DB2C11BC,IMPHASH=B96B407351B4F23871E4087C6E937148trueMicrosoft WindowsValid 10341000x800000000000000077715Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.743{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077714Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.743{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077713Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.742{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077712Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.742{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077711Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.741{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077710Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.739{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\shacct.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Shell Accounts ClassesMicrosoft® Windows® Operating SystemMicrosoft Corporationshacct.dllMD5=6C3405DC9DB5740B6B2AD3AF67031A2E,SHA256=223153AF2A71D3549CCE25D3EAA294DD44471EA8A0733E5AC1EFD7D99D03886E,IMPHASH=F9EDABA9B540C273AC125BA9D119C3AAtrueMicrosoft WindowsValid 734700x800000000000000077709Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.721{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\samlib.dll10.0.14393.0 (rs1_release.160715-1616)SAM Library DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMLib.DLLMD5=4C413FEDB1B88DA18059890CE0BC95D1,SHA256=FAD279CE82D1616A533D6E5D3A20543B51FDBDDE4C764E09F6A01C8B0E44218A,IMPHASH=BF11630905AADA27934CD5411323FA5BtrueMicrosoft WindowsValid 734700x800000000000000077708Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.721{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 10341000x800000000000000077707Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.721{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077706Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.721{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077705Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.721{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\MSWB7.dll10.0.14393.2791 (rs1_release.190205-1511)MSWB7 DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSWB7.dllMD5=5C7C3EBF7A50560DE37B750F3BB0F2B2,SHA256=227474B4306F6FA4F4A7EC5DAE2E91104BA6A156E31BDAD4B82D2E5426A53729,IMPHASH=A39738A99E764D3F4E439E2498C99B04trueMicrosoft WindowsValid 10341000x800000000000000077704Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.721{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077703Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.721{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077702Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.721{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\wlidcredprov.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft® Account Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationWlidCredProvider.dllMD5=BFDFA8D6CE74D72FC3CAC3E8B6D05FB7,SHA256=172538FF3768FA97A54D4B33B7E3253F568013DF9F8102E023DEFF4CA44B2BBC,IMPHASH=AC43D6C08681C0DFDC982DCBAA555A68trueMicrosoft WindowsValid 734700x800000000000000077701Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.721{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\certCredProvider.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Cert Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationCertCredprovider.dllMD5=5C5920708E3A7386E3FB97F06A1CF6CD,SHA256=2CEBA7FEC4C2DA3384BE80CB70C5AF04F45727BDA3DEF9A79F478B071AB9FC0C,IMPHASH=A01F108876C25B588A60F1407EC75717trueMicrosoft WindowsValid 734700x800000000000000077700Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\ngckeyenum.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft Passport Key Enumeration ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationngckeyenum.dllMD5=ACF9A79DE065065D9B9F3C060D8FD883,SHA256=72A663ED47F6354E1EF19D6E5D4BC1118B8BF699B9E112E89BBE8DC8B9D83187,IMPHASH=7408E186279579FBFF9DD5099C815B63trueMicrosoft WindowsValid 734700x800000000000000077699Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\BioCredProv.dll10.0.14393.4169 (rs1_release.210107-1130)WinBio Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationBioCredProv.dllMD5=73F8BD8ED7C88C247AE1F8931FE84024,SHA256=50102694895A05D4554A54C775A033664DF7B9E51347F918E2A2FEF2F2B747C0,IMPHASH=01D3BF39F15617F2002037CAEC4CA502trueMicrosoft WindowsValid 734700x800000000000000077698Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\StructuredQuery.dll7.0.14393.4169 (rs1_release.210107-1130)Structured QueryWindows® SearchMicrosoft CorporationStructuredQuery.dllMD5=330E02FA330C93B93B477AA2F88C8A3A,SHA256=958A6977B820D04D94C8FD85C23CC62D77F0498BB59A648744E8F43704FD7F26,IMPHASH=870079407DAAD548AC5B3F417EEBB243trueMicrosoft WindowsValid 734700x800000000000000077697Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843,IMPHASH=EAA4328F5E33714FA08C71E4AAE43CC1trueMicrosoft WindowsValid 734700x800000000000000077696Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4,IMPHASH=B6A1A16A2B5E910045E998CD7709E966trueMicrosoft WindowsValid 734700x800000000000000077695Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\ngccredprov.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Passport Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationngccredprov.dllMD5=5125FB8AD27095A89651EFE26DF82B8F,SHA256=B49A3E4B223B5737ABB834DA077E2F525B8D5A4E7A226134AD23B19BD20DA5B5,IMPHASH=BD5237271CB2F0AA3004D8AC0791F836trueMicrosoft WindowsValid 734700x800000000000000077694Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\biwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Background Broker InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationbiwinrt.dllMD5=1774BAC67716351387E5F11635DEED8D,SHA256=74F9B4190CFFADCE3ED3F61D4FD6A4F7CCC6EE0F42E3452D018E8160ECB3BE1F,IMPHASH=518BBC26E9BA87459E80712401FEE077trueMicrosoft WindowsValid 734700x800000000000000077693Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\deviceassociation.dll10.0.14393.0 (rs1_release.160715-1616)Device Association Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdeviceassociation.dllMD5=68139108F7E1D4327BE76289E14C2159,SHA256=05436A7EE5EE877F3EA6B12604D41EFCE288F093AAEE03A906FB7C9A4A76DFDA,IMPHASH=CA757A840D91610BF593E8A2814EB9B3trueMicrosoft WindowsValid 734700x800000000000000077692Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Devices.Enumeration.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.Devices.EnumerationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Devices.Enumeration.dllMD5=4C62915A0F4A5D426D857C5DEC342AE9,SHA256=371A5B33833D0433F525EF0A0E61B7EFE5F91142F814241AB291C178B055BCB3,IMPHASH=19CB1EC42DBF9C106DE4DE251E31017EtrueMicrosoft WindowsValid 734700x800000000000000077691Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\facecredentialprovider.dll10.0.14393.4169 (rs1_release.210107-1130)Face Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationFaceCredentialProvider.dllMD5=75568151502F3012E5A0B28D53517B21,SHA256=6CD897692F27AF5291034213CFA48CF0A0517C33A5A23ED270F12DDE98FB32D9,IMPHASH=A57735F3674892C8A813AC842EA6CFAFtrueMicrosoft WindowsValid 734700x800000000000000077690Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\cngcredui.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft CNG CredUI ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationcngcredui.dllMD5=FE84C1709B761FFCFA7F4340FA451A65,SHA256=329D2D141C9C0ECC68C12E8B68D0413C396F47C83C85621A410773D8BB1A494C,IMPHASH=9AEED300060E76958D7D2ED9F8BF8EDFtrueMicrosoft WindowsValid 734700x800000000000000077689Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\credprovs.dll10.0.14393.4169 (rs1_release.210107-1130)Credential ProvidersMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovs.dllMD5=913EF3B2F5DF7C749774F6FF3B054C11,SHA256=4E3F665593865080E37EA4F3108102FD222C2DECE3841F178EAF29A9CCB59C2C,IMPHASH=4D8C135A6C32D5E52CB9D0ED6F5E66D4trueMicrosoft WindowsValid 734700x800000000000000077688Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\credprovslegacy.dll10.0.14393.4169 (rs1_release.210107-1130)Credential Providers LegacyMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovslegacy.dllMD5=C54FE5EE50B5B797FFCFCC1B00A0076C,SHA256=2676BC00EB97E8BC4F3052EF09106DA33FA33CECC66D179164B3B2FE9DEFD9F6,IMPHASH=350AE9643284403B93B04574B73914E7trueMicrosoft WindowsValid 734700x800000000000000077687Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.706{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\SmartcardCredentialProvider.dll10.0.14393.2248 (rs1_release.180427-1804)Windows Smartcard Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationSmartcardCredentialProvider.dllMD5=89F3FE0276D7A31BA02AC3366F964FEE,SHA256=EE1AC8484F240304375600A1B95B64670D660EEC8E3D9F49D7782505D38E28B2,IMPHASH=634A0E8BBEC2A27265F521A876EDBBDAtrueMicrosoft WindowsValid 734700x800000000000000077686Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.690{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000077685Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.690{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\samcli.dll10.0.14393.0 (rs1_release.160715-1616)Security Accounts Manager Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMCLI.DLLMD5=AEF1161232D111EEA93F64B203F131AE,SHA256=C1DA3DF389A414AAA26FEEEA28F35AAC202CE3A5CC3AF26B7C0C14EBBC2157F9,IMPHASH=D27BDFF964B5FDB8A5E9B0599333826BtrueMicrosoft WindowsValid 734700x800000000000000077684Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.690{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\credprovhost.dll10.0.14393.4402 (rs1_release.210426-1725)Credential Provider Framework HostMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovhost.dllMD5=D64A4C4E4CDB8DD6128D4EFAC4118353,SHA256=A503771EBD077D5C5C2EFF2499E074A8B05099A59D68E7668F403EB6DC4A902A,IMPHASH=2B8D4C5C44B72C4C63973FFAB9046281trueMicrosoft WindowsValid 734700x800000000000000077683Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.690{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\CredProvDataModel.dll10.0.14393.4169 (rs1_release.210107-1130)Cred Prov Data ModelMicrosoft® Windows® Operating SystemMicrosoft CorporationCredProvDataModel.dllMD5=6B8B71ABE125771FEE8A44D0F941CEF3,SHA256=1C7C0865C8BD4CD12867432AC71144923344F596EFA2D7C42DD9EF37F508F519,IMPHASH=E95B43892FF230687F925F53516FD6F3trueMicrosoft WindowsValid 734700x800000000000000077682Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.690{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Internal.UI.Logon.ProxyStub.dll10.0.14393.2339 (rs1_release_inmarket.180611-1502)Logon User Experience Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Internal.UI.Logon.ProxyStub.dllMD5=BA676D9CAC156F110C3E109367BC3E0C,SHA256=1B4D4D75C4E651BDC6077679581B5246667A2E63171FEB9B8566B1A638683D79,IMPHASH=652A046C44C4B1CC212802D3079219D4trueMicrosoft WindowsValid 734700x800000000000000077681Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.677{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\FontGlyphAnimator.dll10.0.14393.4169 (rs1_release.210107-1130)Font Glyph AnimatorMicrosoft® Windows® Operating SystemMicrosoft CorporationFontGlyphAnimator.dllMD5=3179BAF869C1815F2A39438DD5EFD620,SHA256=7A89DD1B6F0DCF16AF14A03EA04718DAAD8FE01E97C61933BD81E6371251AA31,IMPHASH=50CFAE7BE5DDFAF9B3957BA4D337BEADtrueMicrosoft WindowsValid 734700x800000000000000077680Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.659{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Globalization.dll10.0.14393.4467 (rs1_release.210604-1844)Windows GlobalizationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Globalization.dllMD5=4D2537567A93ABF1D93CB7A7E76F954C,SHA256=5740181B56927C0DC66A6BCECA15EA2806A0ED471A01F785AD47C8C73A1DF85F,IMPHASH=0280A5811869EFED56B453A140477D51trueMicrosoft WindowsValid 734700x800000000000000077679Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.659{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\DWrite.dll10.0.14393.4225 (rs1_release.210127-1811)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=BB0ECCB8A72B5926A58433666145D459,SHA256=9C082B0EF00A6E174062634F0421B1179D27BC9077A5C0B1FEB2AA74DBAC2E68,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 23542300x800000000000000077678Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.659{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C54BE403E4D5375E5754707A09639835,SHA256=A9C7839DDA0ACE60D504CE15200439C2A8E91CBE27813D103AA0C9205F4090B1,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077677Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.643{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=E15A420D82314AF63973D7D0AB3BA2DD,SHA256=C264B2FA1F3E67E558E2671807C06270926EF456F4FF83F1F9859B18184F187E,IMPHASH=5F8C6AF7D0781F35A516AEB072DAD045trueMicrosoft WindowsValid 734700x800000000000000077676Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.643{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=B69F0419A16A616FE2D779EC98CD7FB9,SHA256=2D10B43F2137433E48A009227487C691E312D186691485D33B4FDF90D8423C9D,IMPHASH=E32C7474360C94A9FE5E17141A4AB35FtrueMicrosoft WindowsValid 734700x800000000000000077675Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.643{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2,IMPHASH=460DAE5CA92CB705C37D78BE630D6120trueMicrosoft WindowsValid 734700x800000000000000077674Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.643{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=8FD5FEFE4E020BBC2D95F07BCDC84F71,SHA256=E5E351822CCDEBF81C47C4CA1D5C158E2880C1BD29CA024D163FD9316F3046AE,IMPHASH=E494F732179E765F2CE18BC21CDB1948trueMicrosoft WindowsValid 734700x800000000000000077673Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.643{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223,IMPHASH=83736A76214A92F5C1B53248D0C22863trueMicrosoft WindowsValid 734700x800000000000000077672Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.643{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19,IMPHASH=52DACB9FFE8B422785C607A5B88982C7trueMicrosoft WindowsValid 734700x800000000000000077671Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.643{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x800000000000000077670Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.642{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Immersive.dll10.0.14393.4283 (rs1_release.210303-1802)WINDOWS.UI.IMMERSIVEMicrosoft® Windows® Operating SystemMicrosoft CorporationWINDOWS.UI.IMMERSIVE.dllMD5=4331AC493E264AF1378E0082194D07A5,SHA256=81B8E123110B9C7A34957B9176791AD86EA874315D4555FDC85CF20975E08D99,IMPHASH=C0750252600F63F4BA1D73794E8FE8C0trueMicrosoft WindowsValid 734700x800000000000000077669Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.640{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\CoreMessaging.dll10.0.14393.3930Microsoft CoreMessaging DllMicrosoft® Windows® Operating SystemMicrosoft CorporationCoreMessaging.dllMD5=3D9D2F367587B2E93F2868F52D4ACBDD,SHA256=B4B27A7D4B9B685B6015D090B6A3E0E578AFBDE8D6C06A8F2E606A439D5A4BA4,IMPHASH=92CA7117B99353AC45978E95EEB5A46DtrueMicrosoft WindowsValid 734700x800000000000000077668Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.640{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Xaml.dll10.0.14393.4470 (rs1_release_inmarket.210704-1611)Windows.UI.Xaml dllMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.Xaml.dllMD5=6F79837DE63E915AAE0672450E93FB5A,SHA256=2169B1FAEF092332F4B72F142E2FECC8554A0E2756715711F5E15431784A5261,IMPHASH=B872FEAB4926DE1D74C3DF5AC4E62C2CtrueMicrosoft WindowsValid 734700x800000000000000077667Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.637{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000077666Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.622{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\BCP47Langs.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)BCP47 Language ClassesMicrosoft® Windows® Operating SystemMicrosoft CorporationBCP47Lang.dllMD5=F688C2B9DD2EB56C3B0312B6380338AA,SHA256=B22DB210486D3B5F4EEB17900C5E7AA0EEFEDBB068A0C4858EFE9F8018C34628,IMPHASH=31EA1856BC7597303D8126028BBFDFB8trueMicrosoft WindowsValid 734700x800000000000000077665Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.622{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Runtime UI Foundation DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.dllMD5=FEC31833E8D13591BAECE59B8E39F53C,SHA256=424BAEA0DC8EF34305A881F9B36F22E8CFECA403A0D03B61782D69535387A401,IMPHASH=B073DE28C43175420FE754415439CCEAtrueMicrosoft WindowsValid 734700x800000000000000077664Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.622{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\MrmCoreR.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows MRMMicrosoft® Windows® Operating SystemMicrosoft CorporationMrmCore.dllMD5=D730B5700BEB4A7E6E4244684356739C,SHA256=26083BEB490E48F5711D69A0E597B7A4CC6FB4B31EDCD535A0FF0DFBE4E6F8DD,IMPHASH=462A9FA6F44F25C68798F197AC8EC9D9trueMicrosoft WindowsValid 734700x800000000000000077663Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.622{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\wincorlib.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows ® WinRT core libraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwincorlib.DLLMD5=F08F4542548A5CD4F521491164598021,SHA256=D60844E5A091DD42CB1BC03CA76B8BBAF55C5B1A9EC3F1403AB241DDE36CA630,IMPHASH=7118E177B350BBAD51DE9533CF52B852trueMicrosoft WindowsValid 734700x800000000000000077662Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.622{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Cred.dll10.0.14393.4169 (rs1_release.210107-1130)Credential Prompt User ExperienceMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.Cred.dllMD5=78EED0861A739C42B882A074C8C6EB66,SHA256=3BFDDC668D78212AACD74DE956A004582DBA1FBC9DDFB3B3FF9368F3FF16991A,IMPHASH=937A04AFF9E2F1B9DE53D1339BC71147trueMicrosoft WindowsValid 734700x800000000000000077661Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.622{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.XamlHost.dll10.0.14393.4169 (rs1_release.210107-1130)XAML HostMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.XamlHost.dllMD5=3EF300C64E57C482FEC2A62454CC45BC,SHA256=CED0EEE32D019EAF1BE70190B87FA9858054DEE20DE77EF0BDC67C2B8B0DD669,IMPHASH=76C7A23349305BC2F339502E1330DC92trueMicrosoft WindowsValid 734700x800000000000000077660Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.622{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\WindowsCodecs.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Windows Codecs LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationWindowsCodecsMD5=B791899A46FD151559658F4F86C3C6F5,SHA256=E559B36A3CC2261C16916F2D49FA351DC4E21E5EC581AC43547ABA16F70CDA7E,IMPHASH=945C5ACF3D7F6243AD6374B1152227D8trueMicrosoft WindowsValid 734700x800000000000000077659Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.CredDialogController.dll10.0.14393.4169 (rs1_release.210107-1130)Credential UX Dialog ControllerMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.CredDialogController.dllMD5=914E180859851B8FF502A541C5EE5C1F,SHA256=4139824AE8D81F519CE57E46F7514D82A42BEBE8A3971B32666CF2A2AC8390F8,IMPHASH=36C915CDD5835C99A10F8B3C525E4356trueMicrosoft WindowsValid 734700x800000000000000077658Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\avrt.dll10.0.14393.2969 (rs1_release.190503-1820)Multimedia Realtime RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationavrt.dllMD5=8EC9E2490A9FFA637115F758B22FFF78,SHA256=1A3295CBF09E9367CCE68505D949D724FB9B66B4516770B7D594273C3BCFC5B8,IMPHASH=F266C00A61E480BB0A81B1A89DB30014trueMicrosoft WindowsValid 734700x800000000000000077657Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000077656Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\wincredui.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Credential Manager User Internal InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationwincredui.dllMD5=27B7A3DDE710FEC067E7AADBB396FDCC,SHA256=BE73F24E4E7E5002A78784D60F82840B42FB2AAD593623D00535E0403B01EAED,IMPHASH=5BF8C42D151FC064CDF2E863454964AAtrueMicrosoft WindowsValid 734700x800000000000000077655Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x800000000000000077654Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x800000000000000077653Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\MMDevAPI.dll10.0.14393.4169 (rs1_release.210107-1130)MMDevice APIMicrosoft® Windows® Operating SystemMicrosoft CorporationMMDevAPI.DllMD5=CF179D8A655703FDD273891432EBF588,SHA256=722863E48713AEDC9E7EA95C181CAAA389B147BCE51A7E815F0D4189AF92B6E8,IMPHASH=A9DFEC2D392C78A08CC45D2B95165EEAtrueMicrosoft WindowsValid 734700x800000000000000077652Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\WinTypes.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=F26A1B9400B1B37D899B01DA8DE809F7,SHA256=F0AFDE11FE0C22D0A25CA4F5A07FEDDC6D3014902360566575E4AB5C164AB8E0,IMPHASH=58F905117CF0434AF54A7CD9D43EEF30trueMicrosoft WindowsValid 734700x800000000000000077651Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\AudioSes.dll10.0.14393.4169 (rs1_release.210107-1130)Audio SessionMicrosoft® Windows® Operating SystemMicrosoft CorporationAudioSes.DllMD5=4B97F920560452EC199062492055FF4C,SHA256=FF75E4970C94C270783461F9696829E3159E5254C818E3F86AE521018B1EF055,IMPHASH=18FC7797E056AFF42D40FF05B182DB5AtrueMicrosoft WindowsValid 734700x800000000000000077650Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\credui.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Credential Manager User InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationcredui.dllMD5=F3EA67955C81EDC0351A4E7418EEEAF4,SHA256=1DC9FF6C665A376789094BF59DCF125A7BE0280D798C74C0853AD1D808104F5D,IMPHASH=4559CD65117B2CEA951EAA739A2320C9trueMicrosoft WindowsValid 734700x800000000000000077649Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBF,IMPHASH=BB80FB0B79AB68B9AA174726B09C8CE9trueMicrosoft WindowsValid 734700x800000000000000077648Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=A049DEB5236AA8711D70001353902238,SHA256=729E2332F4E65A745FC905AD5F3F17A2C034DD15BE74DBEF7D028ED712BCA1D2,IMPHASH=6654CFB1ED505987ABEF47C5C0E0D98AtrueMicrosoft WindowsValid 734700x800000000000000077647Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.606{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 10341000x800000000000000077646Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.590{8057F119-08A1-60EC-1400-00000000DB01}10762196C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x100040C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+63c9|c:\windows\system32\cryptsvc.dll+62d1|c:\windows\system32\cryptsvc.dll+5e56|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077645Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.575{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\gpapi.dll10.0.14393.4467 (rs1_release.210604-1844)Group Policy Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationgpapi.dllMD5=96BBBC9AD606CF5EBAF525E3AB1C69A5,SHA256=32F0EA9185A6E1DE26E3276BAAB0FB5ED72940D34FE5FFDF5331D91E42794124,IMPHASH=54A7A105E11720BE50C587CF0CFA8828trueMicrosoft WindowsValid 734700x800000000000000077644Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.575{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000077643Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.575{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000077642Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.575{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000077641Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.575{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000077640Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.575{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=D8CD8451D1E194230F18866AD6EFE5E7,SHA256=9977AA1287962035C24DF806DDA67F09FFE9BDF696DBA507D749C624AE1C178D,IMPHASH=EC9695F0DF1F52E9D439A942DBDAA111trueMicrosoft WindowsValid 10341000x800000000000000077639Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.575{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077638Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.575{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077637Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.575{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077636Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.575{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 10341000x800000000000000077635Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}101168796C:\Windows\system32\consent.exe{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\system32\svchost.exe0x70C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\consent.exe+1452|C:\Windows\system32\consent.exe+3ca7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077634Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000077633Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000077632Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000077631Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000077630Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000077629Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000077628Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000077627Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 10341000x800000000000000077626Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077625Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077624Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\msutb.dll10.0.14393.953 (rs1_release_inmarket.170303-1614)MSUTB Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSUTB.DLLMD5=17CD28B5081E8C9D25228987EDD4E4F4,SHA256=7AA14D2F375CCB4A57053144BC826132938C66ADDB282C940F736F3C6E358DA5,IMPHASH=C2050C3A907779B8B143FA73DD6A1241trueMicrosoft WindowsValid 734700x800000000000000077623Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000077622Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000077621Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000077620Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 734700x800000000000000077619Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BAB,IMPHASH=AD7CEB919D43FA2BD394EC803EB6BCDAtrueMicrosoft WindowsValid 734700x800000000000000077618Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 734700x800000000000000077617Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\winsta.dll10.0.14393.0 (rs1_release.160715-1616)Winstation LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwinsta.dllMD5=12668CEFEE3754CFA61C5699821668B3,SHA256=D0C81619EDE8B846D98417989684EF16DF3A053CC049C7281E40F3359AD5B570,IMPHASH=2E790E44628AED89C2CC17E1E4A5CE1CtrueMicrosoft WindowsValid 734700x800000000000000077616Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\MsCtfMonitor.dll10.0.14393.0 (rs1_release.160715-1616)MsCtfMonitor DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMsCtfMonitor.DLLMD5=81BC8DBCD544B8837BCBC5CAD0C9CA08,SHA256=C67286427B136D36F2785B3DF169B8D3E820ADCD1C836B69770439A9456A2E8E,IMPHASH=9B989CE38CE9C40F828E034B46B8E9F3trueMicrosoft WindowsValid 734700x800000000000000077615Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\msimg32.dll10.0.14393.0 (rs1_release.160715-1616)GDIEXT Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationgdiextMD5=78DA58DF85F86CA61E5EAFB9EF0A83BE,SHA256=3216205F5C355D582EC4B902651B62E1FF3EFFDCA40BC849D474F13F1325E962,IMPHASH=2E671B0A6A313B7E8765124B944DA4FEtrueMicrosoft WindowsValid 734700x800000000000000077614Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000077613Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\amsi.dll10.0.14393.4169 (rs1_release.210107-1130)Anti-Malware Scan InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationamsi.dllMD5=89C79675F7FEDEB6373C9D2045F7B7C5,SHA256=5B40293CF56D44377A91BF68CF2113F523B61185F02DEEAB621BE51F0ADA6131,IMPHASH=6FEE5278940E0EA644D3641165D77874trueMicrosoft WindowsValid 734700x800000000000000077612Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\wmsgapi.dll10.0.14393.0 (rs1_release.160715-1616)WinLogon IPC ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationWMsgAPI.DLLMD5=F057E6CFED6521141F9E2AA786FEBF9E,SHA256=FE15ADCBC8E9B129BC09FEC47A89A487F5D9E537DC05674C413A8D9D84860535,IMPHASH=0070F559678E041C453782364C13F0C2trueMicrosoft WindowsValid 734700x800000000000000077611Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.559{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000077610Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000077609Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077608Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000077607Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000077606Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077605Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077604Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000077603Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077602Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000077601Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077600Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077599Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077598Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 10341000x800000000000000077597Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-21B7-60EC-3B07-00000000DB01}55126756C:\Windows\system32\csrss.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000077596Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077595Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077594Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077593Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\consent.exe10.0.14393.4169 (rs1_release.210107-1130)Consent UI for administrative applicationsMicrosoft® Windows® Operating SystemMicrosoft Corporationconsent.exeMD5=2D39786DACCF1721F552F3195E72766E,SHA256=D1FAD06A025FEBDD896A8B17182F31CCD4F92EBA8C696485FFF77C0823CFF723,IMPHASH=9E56AB88B9592E0AEB5042020D43259CtrueMicrosoft WindowsValid 10341000x800000000000000077592Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077591Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077590Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077589Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-08A1-60EC-0C00-00000000DB01}8402616C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077588Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077587Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\appinfo.dll+2073|c:\windows\system32\appinfo.dll+2c4f|c:\windows\system32\appinfo.dll+4026|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077586Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.543{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1014c0C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\appinfo.dll+33d8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000077585Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.322{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3E244EFE5D911226AFA9CB87120C6F5,SHA256=2532EEBDFB8EA60F4B3FF3E2D21ABE6C8DDCAC44CCD3C0110003ABFEF24F62D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077761Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:15.559{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0A81DBC0DCB0B3F0D664283698871388,SHA256=F45D4DF08F78D9916BE60D5C1B78BD94F02E3E0DE45E9C8766B266E4080A274D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077760Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:15.559{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=96737777AF146DDEBF87004110EFEB6E,SHA256=EC770C93EFDC7E9B16C6BF83AA3EFD86B5996B8038F26AC019C6746D39B17A18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077759Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:15.359{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B9807759910DA819D4F7025B160053F,SHA256=7851FF9214905CC73C7FDF60BF47C5B38EA3BBB7D2D8E40E7D0C949B90BA9440,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032806Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:15.288{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46BAFB9832A1B6A06CD9B658C1CE6DB5,SHA256=1839DC3D265F5E4C6F0774172414EB2F357D8C381BB50CE8FE5A5DEFA5B6AF32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077763Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:16.373{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28C34CAB03249FCD43704E7091225E7D,SHA256=666F9C061418A72A58217FC0F2F498F24337F4CD3E290E44E4FB63410E14D423,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032807Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:16.303{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D695FAA767BB16A63D182AF21E7F76B2,SHA256=0FB412F4B21EFEC81167F173EA836EFBEACF16402FF3138E7A18738C4E8B5555,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000077762Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:14.374{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63423-false10.0.1.12-8000- 23542300x800000000000000032808Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:17.319{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D3BAE717E5FE22F21B56CBEBB90B9CD,SHA256=DEA490A91CAAB2C2DBF93009440FE37DECEB37ED58D0C46FD4ABB95A5D39DEB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077764Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:17.404{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DD43D0BB5A238AF12D211557B38EA58,SHA256=AB350DB9C0C612047BB9E345B4E13CD0890DE1A98E799E3A8CDC46B482600E07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032809Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:18.444{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4390E21E696C709E4686DC8859262B8F,SHA256=E1A2399E530CA06959802959807AAF89011B420A9D2D492FB6C06BC5CE1ACBAA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077776Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:18.519{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077775Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:18.472{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077774Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:18.472{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077773Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:18.456{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077772Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:18.456{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077771Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:18.456{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077770Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:18.456{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077769Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:18.456{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077768Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:18.456{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077767Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:18.441{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077766Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:18.441{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000077765Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:18.419{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4ADB0F4B2802EB913FFC4249413BF5AB,SHA256=B0880D2966A1ACAA34C2FBB7FCB3015832AE88DDE49BCF7DDCBD2C65E61F0620,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032810Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:19.678{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED7BB7C3631A84F5DF733F2330901F24,SHA256=FEB6DC3A8F97A9BDCB8E81E8AE78E9E6CBC25A462B71D1F94EC3C9565315818C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077777Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:19.440{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7501BFA68F755FC5589F639C63AA269B,SHA256=E779FC14DA167A8049F975BA3BE57DE6F096135A18EE6B9699B3C79AFD4EB2D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032812Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:20.913{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0274A0E7AF190940AA7F1AB212F96A25,SHA256=F241577116F9D21A4365E046468A97877FE85B5C9D2AD325B71E77D76E417738,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077779Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:20.455{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0791E1962A4BC407F817CE781075F01,SHA256=0447F34E78C3479C7FB75D1E1E8E08CCD43466E83BDB67EA20D930E17EEDB73D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077778Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:20.455{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000032811Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:17.404{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51616-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 734700x800000000000000077788Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:21.954{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\UIAutomationCore.dll7.2.14393.4169 (rs1_release.210107-1130)Microsoft UI Automation CoreMicrosoft® Windows® Operating SystemMicrosoft CorporationUIAutomationCore.dllMD5=9B2DCFE11EEBDDC18A8F5964E04E64A0,SHA256=5CBC5B45B9EB5B4EF1360005CD675D20D7EE9FE588DA24543FF7C9ACB88317FF,IMPHASH=6691D3D33C2662107A11540A5A994674trueMicrosoft WindowsValid 10341000x800000000000000077787Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:21.917{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077786Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:21.917{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077785Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:21.854{8057F119-08A1-60EC-1600-00000000DB01}12369132C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077784Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:21.854{8057F119-08A1-60EC-1600-00000000DB01}12369132C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077783Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:21.717{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30E,IMPHASH=8F811B713271A0FEFA798FB95D523A8BtrueMicrosoft WindowsValid 734700x800000000000000077782Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:21.701{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\System32\consent.exeC:\Windows\System32\edputil.dll10.0.14393.2608 (rs1_release.181024-1742)EDP utilMicrosoft® Windows® Operating SystemMicrosoft CorporationEDPUTIL.DLLMD5=75AC86B00CE4C64B02B105A55CA35628,SHA256=DB31A2345E3BB8DC79BFB4CC29615E3B8B7638AE80BFEC45FA57852669A592AE,IMPHASH=52045AC79DBE663F06AB7C9717524D40trueMicrosoft WindowsValid 23542300x800000000000000077781Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:21.470{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=927BCA4B655666C6F4C108F25BD12EA9,SHA256=0D5634368929C107D7699C82149814D721C2265E172587A7BAE14347ACE38F57,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000077780Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:19.510{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63424-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 23542300x800000000000000032813Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:22.147{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57D1A16C0D31252F12D74909BD238093,SHA256=6FAA2CF183F0A19EFFF77DE39F072167C6BF14430F5CCE777FDED82B00DB0C9A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.993{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\onex.dll10.0.14393.4350 (rs1_release.210407-2154)IEEE 802.1X supplicant libraryMicrosoft® Windows® Operating SystemMicrosoft Corporationonex.dllMD5=B958F829E52F260087CB7209F7B99555,SHA256=1428C08B74CC2D0EF9E493187F1963E7B47898249EB158CABE908B82B771C409,IMPHASH=BCD01C70FCB0801784A8044932B1C44AtrueMicrosoft WindowsValid 734700x800000000000000078035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.993{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\l2gpstore.dll10.0.14393.1480 (rs1_release.170706-2004)Policy Storage dllMicrosoft® Windows® Operating SystemMicrosoft Corporationwlstore.dllMD5=52574FAC28BB308F127E4BBC4138EBD5,SHA256=517AF989E99F6870E33DE3EEE77F94C33D74B85D9A2C2540B018B096C61C2F89,IMPHASH=81EB696902002AA26A6111B6B9EFE08CtrueMicrosoft WindowsValid 734700x800000000000000078034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.993{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\atl.dll3.05.2284ATL Module for Windows XP (Unicode)Microsoft (R) Visual C++Microsoft CorporationATL.DLLMD5=C1B73181019C1E1F28F4161B5F198B7F,SHA256=C3678504437D23910C18D3680B05B4E819A2229BDD0E1E0567186C70D814560D,IMPHASH=5500EF6AAEED0FAA2DE0F3B65E67DE20trueMicrosoft WindowsValid 734700x800000000000000078033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.982{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000078032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.982{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\dot3gpui.dll10.0.14393.4169 (rs1_release.210107-1130)802.3 Network Policy Management Snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationDOT3GPUI.DLLMD5=3C8A654CE7001BF594728B1039ACC327,SHA256=E9924BC5DF7BD79D7CDD60035009265CAA7629C7CDB6E5AA120B5F327183FC3C,IMPHASH=1B83DE64ADAB18A05A2AD993260E56C0trueMicrosoft WindowsValid 734700x800000000000000078031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.982{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\apphelp.dll10.0.14393.4350 (rs1_release.210407-2154)Application Compatibility Client LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationApphelpMD5=92330FA0551BFFBB8C1C97E86F9A0264,SHA256=0F341AF375236EBF7047F6AE50F2834566F0D859F0F02B8A5FFD7F29C31B0117,IMPHASH=BF1AF19CCBABA6D54178C43BE36CD985trueMicrosoft WindowsValid 734700x800000000000000078030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.954{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\msxml6.dll6.30.14393.4467MSXML 6.0Microsoft XML Core ServicesMicrosoft CorporationMSXML6.dllMD5=ECF3F9FC612FED875FC8A10052F82CE3,SHA256=9A06876BCFF61CFBE46F80EC76A61E66D80D734607D9503B4162840DE2039F16,IMPHASH=A74F148CA887740D0E045C70ACC762EBtrueMicrosoft WindowsValid 734700x800000000000000078029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.938{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\mmcndmgr.dll10.0.14393.4169 (rs1_release.210107-1130)MMC Node Manager DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmmcndmgr.dllMD5=DDDF9C3B3B4CCFAAD35BA49B0864608F,SHA256=A8EE05699A2CE04D63D078C33A397ABE8D90AE6BC5F0156230620615B13A2F8B,IMPHASH=51AD9533DC3E1E0CFCFEECD129A51944trueMicrosoft WindowsValid 734700x800000000000000078028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.891{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000078027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.891{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBF,IMPHASH=BB80FB0B79AB68B9AA174726B09C8CE9trueMicrosoft WindowsValid 734700x800000000000000078026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.891{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=A049DEB5236AA8711D70001353902238,SHA256=729E2332F4E65A745FC905AD5F3F17A2C034DD15BE74DBEF7D028ED712BCA1D2,IMPHASH=6654CFB1ED505987ABEF47C5C0E0D98AtrueMicrosoft WindowsValid 734700x800000000000000078025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.891{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000078024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.891{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000078023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.877{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000078022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.877{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000078021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.877{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000078020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.877{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 734700x800000000000000078019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.877{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 734700x800000000000000078018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.877{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\dui70.dll10.0.14393.4169 (rs1_release.210107-1130)Windows DirectUI EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationDUI70.DLLMD5=C3DC010AC7F5880CC7BE626566FC4130,SHA256=3ED6E9D0AF769B0BFBE94DFF4CC07A94A81271133FBB60C9EB02676C92FFB87E,IMPHASH=E76D3161885DD9D13E8514AFC7BF3853trueMicrosoft WindowsValid 23542300x800000000000000078017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.860{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D1D293EF47AF85E12A97D19E80E672D,SHA256=4DC2F548DC1CEF3419AA4F75A3031B353F87E4404836498132D2A845E257163B,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.823{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000078015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.823{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000078014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.823{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30E,IMPHASH=8F811B713271A0FEFA798FB95D523A8BtrueMicrosoft WindowsValid 734700x800000000000000078013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.823{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\odbc32.dll10.0.14393.3471 (rs1_release_1.191218-1729)ODBC Driver ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationodbc32.dllMD5=7BE20E672645485F6A3B2E34389344BA,SHA256=B6F6E06CACEE09FB6CC0ACF874477FC9094EA4C14A07FF59B228BDD23C7BF02A,IMPHASH=B6FE10FF835FBB8612CC749787B5472EtrueMicrosoft WindowsValid 734700x800000000000000078012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.823{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000078011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.823{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000078010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.815{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000078009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.815{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\mfc42u.dll6.06.8063.0MFCDLL Shared Library - Retail VersionMicrosoft (R) Visual C++Microsoft CorporationMFC42.DLLMD5=DD361EE0A665F41783E02CEA20285E61,SHA256=457BF44CC1BE99FD74983178AC34E83AEC2ED73DFEE9F9FC7F5F501AD8A6D03B,IMPHASH=5407FE666C5FCACC20F969C8CE05D993trueMicrosoft WindowsValid 734700x800000000000000078008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\mmcbase.dll10.0.14393.4169 (rs1_release.210107-1130)MMC Base DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmmcbase.dllMD5=1C8D01FA2F46DA43580F66690E59F942,SHA256=24E48F93B6050D9DA4D1B93D07FCEA7F15AF8142BA8F4B8CFEF19FA670EB5B4E,IMPHASH=3A0957E0E673BE892DE6FEF53C3A2C7BtrueMicrosoft WindowsValid 734700x800000000000000078007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\duser.dll10.0.14393.0 (rs1_release.160715-1616)Windows DirectUser EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationDUser.DLLMD5=42D5E1F8641E9DCEE0D8751F6F7A8961,SHA256=9168110EF404BF179888AF4A0F02B2817F020BFB16351778F2DDD6915C92F190,IMPHASH=9134DC493583245CFD7E3B68926C19D0trueMicrosoft WindowsValid 734700x800000000000000078006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000078005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000078004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000078003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000078002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000078001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000078000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000077998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000077997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.795{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.776{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.776{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.776{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.776{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\mmc.exe10.0.14393.4169 (rs1_release.210107-1130)Microsoft Management ConsoleMicrosoft® Windows® Operating SystemMicrosoft Corporationmmc.exeMD5=495BFF5AE1B52661212BB65F1CFDA718,SHA256=A08EC9D2F811726BDCD71F7C5B40CDB543D092C11811A45180E569FE3F62124D,IMPHASH=ED5A55DAB5A02F29D6EE7E0015F91A9FtrueMicrosoft WindowsValid 10341000x800000000000000077989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.776{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.776{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.776{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.776{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.761{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exe10.0.14393.4169 (rs1_release.210107-1130)Microsoft Management ConsoleMicrosoft® Windows® Operating SystemMicrosoft Corporationmmc.exemmc gpedit.mscC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-307A-60EC-9AE3-870000000000}0x87e39a3HighMD5=495BFF5AE1B52661212BB65F1CFDA718,SHA256=A08EC9D2F811726BDCD71F7C5B40CDB543D092C11811A45180E569FE3F62124D,IMPHASH=ED5A55DAB5A02F29D6EE7E0015F91A9F{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 734700x800000000000000077984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.754{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000077983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.754{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.754{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.751{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000077980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.750{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000077979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.750{8057F119-307A-60EC-2A0A-00000000DB01}664010152C:\Windows\system32\conhost.exe{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.749{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.748{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.747{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000077975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.747{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.747{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000077973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.747{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.746{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.746{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.746{8057F119-21B7-60EC-3B07-00000000DB01}55123720C:\Windows\system32\csrss.exe{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.746{8057F119-307A-60EC-290A-00000000DB01}90045476C:\Windows\System32\cmd.exe{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.745{8057F119-307A-60EC-2E0A-00000000DB01}7372C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Environment" /v "COR_PROFILER_PATH" /t REG_SZ /d "C:\Temp\test.dll" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-307A-60EC-9AE3-870000000000}0x87e39a3HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 10341000x800000000000000077967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.601{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.601{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.601{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.601{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.601{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000077962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.601{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.601{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.585{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000077959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.585{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000077958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.585{8057F119-307A-60EC-2A0A-00000000DB01}664010152C:\Windows\system32\conhost.exe{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.585{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.585{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.585{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.585{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000077953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.585{8057F119-21B7-60EC-3B07-00000000DB01}55126756C:\Windows\system32\csrss.exe{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.585{8057F119-307A-60EC-290A-00000000DB01}90045476C:\Windows\System32\cmd.exe{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.595{8057F119-307A-60EC-2D0A-00000000DB01}5708C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Environment" /v "COR_ENABLE_PROFILING" /t REG_SZ /d "1" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-307A-60EC-9AE3-870000000000}0x87e39a3HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 734700x800000000000000077950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{00000000-0000-0000-0000-000000000000}10172C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000077949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{00000000-0000-0000-0000-000000000000}10172C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{00000000-0000-0000-0000-000000000000}10172C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{00000000-0000-0000-0000-000000000000}10172C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000077946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{00000000-0000-0000-0000-000000000000}10172C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000077945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{8057F119-307A-60EC-2A0A-00000000DB01}664010152C:\Windows\system32\conhost.exe{00000000-0000-0000-0000-000000000000}10172C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{00000000-0000-0000-0000-000000000000}10172C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{00000000-0000-0000-0000-000000000000}10172C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{00000000-0000-0000-0000-000000000000}10172C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000077941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{00000000-0000-0000-0000-000000000000}10172C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000077938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{8057F119-21B7-60EC-3B07-00000000DB01}55124040C:\Windows\system32\csrss.exe{8057F119-307A-60EC-2C0A-00000000DB01}10172C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.571{8057F119-307A-60EC-290A-00000000DB01}90045476C:\Windows\System32\cmd.exe{8057F119-307A-60EC-2C0A-00000000DB01}10172C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.576{8057F119-307A-60EC-2C0A-00000000DB01}10172C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Environment" /v "COR_PROFILER" /t REG_SZ /d "{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-307A-60EC-9AE3-870000000000}0x87e39a3HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 13241300x800000000000000077933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.localT1122SetValue2021-07-12 12:07:22.538{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\system32\reg.exeHKU\S-1-5-21-3966725549-2172964581-1758441464-500_Classes\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}\InprocServer32\(Default)C:\Temp\test.dll 734700x800000000000000077932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.538{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000077931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.538{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.538{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.537{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000077928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.517{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000077927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.517{8057F119-307A-60EC-2A0A-00000000DB01}664010152C:\Windows\system32\conhost.exe{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.503{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.503{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000077923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000077918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-21B7-60EC-3B07-00000000DB01}55126756C:\Windows\system32\csrss.exe{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-307A-60EC-290A-00000000DB01}90045476C:\Windows\System32\cmd.exe{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.496{8057F119-307A-60EC-2B0A-00000000DB01}10108C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Software\Classes\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}\InprocServer32" /ve /t REG_EXPAND_SZ /d "C:\Temp\test.dll" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-307A-60EC-9AE3-870000000000}0x87e39a3HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 23542300x800000000000000077915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BA3B127F820BF6A21DA167EF377F164,SHA256=7C1E9D75A94350E3028770383E7E955B78B28DC1635DB57B1B23213105E75C2F,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000077914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000077911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.486{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exeC:\Windows\System32\cmdext.dll10.0.14393.0 (rs1_release.160715-1616)cmd.exe Extension DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCmdExt.DLLMD5=71B9AD2C078C208ED1633DE7DDAA834F,SHA256=44A35F3F5561E722EA1ED9A128BFF127E6086B114678774BC674BC717DD779B4,IMPHASH=03503926F7A6CC110815DF46C0AEFD5FtrueMicrosoft WindowsValid 734700x800000000000000077910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.470{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 23542300x800000000000000077909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.436{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BBB441583F879A3DFD1F781F25FE308,SHA256=F91A27D746B5881E07169AA18EABCD05063B70AD4E201B9BEFD7D7D98CD68D49,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.433{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.433{8057F119-21BD-60EC-4B07-00000000DB01}58806012C:\Windows\Explorer.EXE{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.401{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.385{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.301{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 10341000x800000000000000077903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.301{8057F119-21BD-60EC-4B07-00000000DB01}58809920C:\Windows\Explorer.EXE{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.301{8057F119-21BD-60EC-4B07-00000000DB01}58809920C:\Windows\Explorer.EXE{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.301{8057F119-21BD-60EC-4B07-00000000DB01}58809920C:\Windows\Explorer.EXE{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.285{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000077899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 10341000x800000000000000077898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000077895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000077894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000077893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000077892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000077891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000077890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000077889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000077888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 10341000x800000000000000077887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.273{8057F119-307A-60EC-2A0A-00000000DB01}664010152C:\Windows\system32\conhost.exe{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000077885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000077884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x800000000000000077883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000077882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000077881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000077880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000077873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\ConhostV2.dll10.0.14393.4402 (rs1_release.210426-1725)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXEMD5=EBEFEF1FE2B0D6FF2595203DADE100C9,SHA256=70F4BB4198467DA8E2FD7AF475536B3F2FD1B3E56CEE7E376D0303C149C449F9,IMPHASH=49A59B06FE5B10F21E36B588430BFDB3trueMicrosoft WindowsValid 734700x800000000000000077871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000077870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-21B7-60EC-3B07-00000000DB01}55126756C:\Windows\system32\csrss.exe{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000077869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.254{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.238{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.238{8057F119-307A-60EC-2A0A-00000000DB01}6640C:\Windows\System32\conhost.exeC:\Windows\System32\conhost.exe10.0.14393.0 (rs1_release.160715-1616)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXEMD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0,IMPHASH=2C980A4DA7C717CC670CB9E1D2C4D733trueMicrosoft WindowsValid 10341000x800000000000000077865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.238{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000077864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.238{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.238{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.237{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.237{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37AtrueMicrosoft WindowsValid 10341000x800000000000000077860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.236{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.235{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.235{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.234{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.234{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.234{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\appinfo.dll+2073|c:\windows\system32\appinfo.dll+3c57|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.233{8057F119-307A-60EC-290A-00000000DB01}9004C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" C:\Windows\system32\ATTACKRANGE\Administrator{8057F119-307A-60EC-9AE3-870000000000}0x87e39a3HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\Explorer.EXE 354300x800000000000000077853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:20.292{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63425-false10.0.1.12-8000- 354300x800000000000000077852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:19.510{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63424-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 734700x800000000000000077851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.218{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000077850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.218{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000077849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.218{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000077848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.218{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 734700x800000000000000077847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.218{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x800000000000000077846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000077840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000077839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000077838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000077834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.202{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164E,IMPHASH=1C99A7F1249FB0C7B924253B69E59F88trueMicrosoft WindowsValid 10341000x800000000000000077830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.189{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.189{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-307A-60EC-280A-00000000DB01}644C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.155{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.155{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.140{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000077825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.140{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000077824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.140{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000077823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.140{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 10341000x800000000000000077822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.140{8057F119-08A1-60EC-1600-00000000DB01}12365984C:\Windows\system32\svchost.exe{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.140{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.140{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000077819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.140{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x800000000000000077818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.140{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.135{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000077816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.134{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000077815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.134{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000077814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.133{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000077812Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000077811Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000077810Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000077809Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000077808Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000077807Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000077806Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x800000000000000077805Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-21B7-60EC-3B07-00000000DB01}55123720C:\Windows\system32\csrss.exe{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000077804Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000077803Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000077802Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000077801Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.118{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164E,IMPHASH=1C99A7F1249FB0C7B924253B69E59F88trueMicrosoft WindowsValid 10341000x800000000000000077800Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.101{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077799Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.101{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-307A-60EC-270A-00000000DB01}9168C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077798Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.101{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077797Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.101{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077796Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.101{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077795Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.101{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077794Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.086{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077793Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.070{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077792Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.070{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077791Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.070{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077790Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.070{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077789Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.070{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-3072-60EC-260A-00000000DB01}10116C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032842Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.960{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-307B-60EC-4505-00000000DC01}2468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032841Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.960{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032840Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.960{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032839Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.960{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032838Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.960{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032837Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.960{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032836Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.960{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032835Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.960{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032834Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.960{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032833Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.960{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032832Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.960{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-307B-60EC-4505-00000000DC01}2468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032831Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.960{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-307B-60EC-4505-00000000DC01}2468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032830Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.961{50946567-307B-60EC-4505-00000000DC01}2468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032829Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.756{50946567-307B-60EC-4405-00000000DC01}13444076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032828Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.460{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-307B-60EC-4405-00000000DC01}1344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032827Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.460{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032826Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.460{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032825Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.460{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032824Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.460{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032823Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.460{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032822Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.460{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032821Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.460{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032820Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.460{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032819Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.460{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032818Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.460{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-307B-60EC-4405-00000000DC01}1344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032817Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.460{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-307B-60EC-4405-00000000DC01}1344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032816Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.461{50946567-307B-60EC-4405-00000000DC01}1344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032815Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.413{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=95232658CCE9C2ECB0ECBFCA1632F2B4,SHA256=A9CAC9E3AEC5C8B02DB5FFDBFF6EE62BB7E1B93FA4894DA9035A806454AD5957,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032814Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:23.381{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5ADDC534EE552A66DC02778C4F482777,SHA256=44773F9B082A38603E5B58099AC8D12744CF0871CB8F71B90D3164FC7E0E0F42,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.950{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=51A0208B106B4392AC4B3174B27A39EF,SHA256=EA9955976994C44DC091A07C69E9C863A4D5A960900019D3C4136BDFD1F885D4,IMPHASH=334E5331674424695F9872596E2677C7trueMicrosoft WindowsValid 734700x800000000000000078110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.935{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\srpapi.dll10.0.14393.4350 (rs1_release.210407-2154)SRP APIs DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsrpapi.dllMD5=6EE744B7052F6DE1C9870F9C97FDB42F,SHA256=6FE549AAB3A751D32F4FE7A1492BE85B4FD4AD718A9561CBAB6E82B97BCFDD40,IMPHASH=8C07B81A4B319D612B954B42DF3C1D74trueMicrosoft WindowsValid 23542300x800000000000000078109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.935{8057F119-1972-60EC-FB05-00000000DB01}4904ATTACKRANGE\AdministratorC:\Windows\system32\taskhostw.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\NVCWY13N\views[1]MD5=A726593A8261930E4786375106FC6BFE,SHA256=E6BFDFBB9A0649EA9D38DE4255C355C581097E6A1035A54943260B22AD45F172,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.935{8057F119-307A-60EC-2F0A-00000000DB01}5148ATTACKRANGE\AdministratorC:\Windows\system32\mmc.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\DID55GTF\views[1]MD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.935{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\wininet.dll11.00.14393.4467 (rs1_release.210604-1844)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=2155253CEE186286631247CCF3C7D138,SHA256=AA97CAF5AE292D467421116F9DB4A84008A6ED868F1ADDBE06585BF3FCCEB476,IMPHASH=B3ABC7D59C2B1ACAEECA63C53B0AAC4BtrueMicrosoft WindowsValid 734700x800000000000000078106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.885{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\mshtml.dll11.00.14393.4467 (rs1_release.210604-1844)Microsoft (R) HTML ViewerInternet ExplorerMicrosoft CorporationMSHTML.DLLMD5=E5259F73A504669357CF435C9044FA5E,SHA256=3E84BDF133912A296FBC842A9103452F27C05785D77E145329BFB9B3F5B5A7F1,IMPHASH=CBEE0B2314A44C19D7D26951C39F11F6trueMicrosoft WindowsValid 734700x800000000000000078105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.642{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\winhttp.dll10.0.14393.4467 (rs1_release.210604-1844)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=8893BE5829B2F909E7FC4AF4C43B54F9,SHA256=C1D791C72417FD001E2A5FE441717881D43428A931724E7FD2DCCE6C83699458,IMPHASH=F1FC6BF3699C289EBAF914A7771E49CDtrueMicrosoft WindowsValid 734700x800000000000000078104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.657{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\sxs.dll10.0.14393.4169 (rs1_release.210107-1130)Fusion 2.5Microsoft® Windows® Operating SystemMicrosoft CorporationSXS.DLLMD5=54FB18CA661D074CBB60D5A58D40C8D3,SHA256=A2BD6160222A216F8A6830C1273662F8AE88F53D2CE6DA5893FF70D146A0A2B0,IMPHASH=FED414075FF3F23F21C898B1860393B4trueMicrosoft WindowsValid 734700x800000000000000078103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.642{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000078102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.642{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000078101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.642{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000078100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.642{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\ieframe.dll11.00.14393.4467 (rs1_release.210604-1844)Internet BrowserInternet ExplorerMicrosoft CorporationIEFRAME.DLLMD5=13F327C8FBD3F269304BB84DE36474A9,SHA256=81560FD91B1DAB5329E68F6E43F16DA7FC9E0296D16EF8F234A6AD0D4BEA62AA,IMPHASH=C88C7ABCCBE2D1CE9D711B5FBA02EA04trueMicrosoft WindowsValid 23542300x800000000000000078099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.595{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03BEAFA07BCBEDE62CD2495AC84498C3,SHA256=1C609AC692C01815739B5636E01F181E31E7AF9F06B6E14A1ADBA73ED87B7991,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.363{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\atlthunk.dll10.0.14393.2969 (rs1_release.190503-1820)atlthunk.dllMicrosoft® Windows® Operating SystemMicrosoft Corporationatlthunk.dllMD5=BECA5E9FA540246333036919A57B7AEF,SHA256=62C24B274B38A88C83EE122CB30142C2135953C1A26582AD003512B238CB7FC9,IMPHASH=E86BAF1A171668A11110B8975A3BDE27trueMicrosoft WindowsValid 734700x800000000000000078097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.341{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19,IMPHASH=52DACB9FFE8B422785C607A5B88982C7trueMicrosoft WindowsValid 734700x800000000000000078096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.341{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6E,IMPHASH=9651C547656809410E78B358203C1A1DtrueMicrosoft WindowsValid 734700x800000000000000078095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.326{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223,IMPHASH=83736A76214A92F5C1B53248D0C22863trueMicrosoft WindowsValid 734700x800000000000000078094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.326{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2,IMPHASH=460DAE5CA92CB705C37D78BE630D6120trueMicrosoft WindowsValid 734700x800000000000000078093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.326{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\DataExchange.dll10.0.14393.4169 (rs1_release.210107-1130)Data exchangeMicrosoft® Windows® Operating SystemMicrosoft CorporationDataExchange.dllMD5=23F499FA8F8E02A8090FB78E80617BDD,SHA256=08C2E505F3765D98379BB88DC8AD5555AB680A691054933FCA1A2CFCDFA42F51,IMPHASH=05056B92E29CCE6F97F9C6674AE080C0trueMicrosoft WindowsValid 734700x800000000000000078092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.326{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\mlang.dll10.0.14393.4169 (rs1_release.210107-1130)Multi Language Support DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMLANG.DLLMD5=1DB944C25F1B1D7105543E61F1CC5E2F,SHA256=EBA81052B0330151F8FE0FC95AFD2203D3869D67A05AD4E5D3FA8A69B48B4046,IMPHASH=563B6F147961D943E0261E05EAD94B56trueMicrosoft WindowsValid 734700x800000000000000078091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.326{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.2457_none_a13eaee9d8fd5c07\comctl32.dll5.82 (rs1_release_inmarket.180822-1743)Common Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMCTL32.DLLMD5=C89866876D676708892DEEA04A886CDA,SHA256=6C498F9AFFC75DFAADDACB9D1D4248862622FB2B06F0A410BA303A26FEADFF2B,IMPHASH=49FE37530A5C395ADDDAFC2730B16DDDtrueMicrosoft WindowsValid 734700x800000000000000078090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.312{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x800000000000000078089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.279{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\oleacc.dll7.2.14393.4169 (rs1_release.210107-1130)Active Accessibility Core ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEACC.DLLMD5=1B04659F0A22BFE9142B6AD36467ACEA,SHA256=67BC7C19D71FB98A7B5882B0F2BFC8F2E4491B4ACBE23EE545D54FFCAEC808E9,IMPHASH=427F18493D540CBF4092BD07A97BE51FtrueMicrosoft WindowsValid 734700x800000000000000078088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.263{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000078087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.263{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 734700x800000000000000078086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.257{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\polstore.dll10.0.14393.0 (rs1_release.160715-1616)Policy Storage dllMicrosoft® Windows® Operating SystemMicrosoft Corporationpolstore.dllMD5=AE6F98B3745A1EFEFBF3B7A8A3C3C53D,SHA256=C1D6274305D023AEB46EDD8981B873E53546648AE12053774C4278FB9BD1D011,IMPHASH=A0AC5A6530D0A76AD98B72F80717E27CtrueMicrosoft WindowsValid 734700x800000000000000078085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.241{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\ipsecsnp.dll10.0.14393.4169 (rs1_release.210107-1130)IP Security Policy Management Snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationIPSECSNP.DLLMD5=787CFB5A7CBEB7125E61B59081DFF212,SHA256=553B8503559AC164359EFFD2A966DE35C50F840F5D51EBE58108B5C388AD3932,IMPHASH=809DD47539EED08BC0A26132903E0004trueMicrosoft WindowsValid 734700x800000000000000078084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.241{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\authz.dll10.0.14393.1737 (rs1_release_inmarket.170914-1249)Authorization FrameworkMicrosoft® Windows® Operating SystemMicrosoft Corporationauthz.dllMD5=6BAADF6A3E985DE5AB6FDA778E18F1A5,SHA256=8FD060B0F29A1FB23C3D1F389C22EC067247F1E457F331D2B15AE44323ECB8D0,IMPHASH=720B221BA6A01692F2370B4CCC197970trueMicrosoft WindowsValid 734700x800000000000000078083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.225{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\dssec.dll10.0.14393.0 (rs1_release.160715-1616)Directory Service Security UIMicrosoft® Windows® Operating SystemMicrosoft Corporationdssec.dllMD5=40D4AF43D521476F76C71CBBA609BD52,SHA256=56DE5022EC8C1CEB6203463F681E828D2D500BF066D1F3D617F5D1849FE99FFB,IMPHASH=02988505EDF42864EE719379A329CFC4trueMicrosoft WindowsValid 734700x800000000000000078082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.225{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\framedynos.dll10.0.14393.4169 (rs1_release.210107-1130)WMI SDK Provider FrameworkMicrosoft® Windows® Operating SystemMicrosoft Corporationframedyn.dllMD5=F5BCBB0713FF862975B07056D25E166E,SHA256=DBB3B6E35E0FEF5B878DE8C85AF578B51C1C2DB025865354E27394AEA87824B2,IMPHASH=AB84E6F170EE70C2F0F5C709A85E872CtrueMicrosoft WindowsValid 734700x800000000000000078081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.225{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\mpr.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Multiple Provider Router DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmpr.dllMD5=0E56DB60C434D51769F2DAC48B9AA686,SHA256=3F9AED98B1B7F6A59C219F622FD91C7FD20BFE280935F5334920A02ECCAE7ED6,IMPHASH=46ADE2B067E724C7163A0B1902FEF225trueMicrosoft WindowsValid 734700x800000000000000078080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.225{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\dsuiext.dll10.0.14393.0 (rs1_release.160715-1616)Directory Service Common UIMicrosoft® Windows® Operating SystemMicrosoft Corporationdsuiext.dllMD5=FE6052C8CCDC9570E0A6535A0DA46BD9,SHA256=4D0AC8F3C5C258DFAF8DDF07A37B94ADE58E838EED5FA610FC13E957D98E4E79,IMPHASH=D81CA2AA793C8BAFCBCE288F63313BCBtrueMicrosoft WindowsValid 734700x800000000000000078079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.225{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\gpapi.dll10.0.14393.4467 (rs1_release.210604-1844)Group Policy Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationgpapi.dllMD5=96BBBC9AD606CF5EBAF525E3AB1C69A5,SHA256=32F0EA9185A6E1DE26E3276BAAB0FB5ED72940D34FE5FFDF5331D91E42794124,IMPHASH=54A7A105E11720BE50C587CF0CFA8828trueMicrosoft WindowsValid 734700x800000000000000078078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.225{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\gpedit.dll10.0.14393.3986 (rs1_release.201002-1707)GPEditMicrosoft® Windows® Operating SystemMicrosoft Corporationgpedit.dllMD5=2763BDA50EB812D28B97EFDE6C72A906,SHA256=1C50275E3A13A5C13DBAB322262C072CE26ED2F9276B8F572489E0914BD28C51,IMPHASH=4806C6DC2AD2917E93136CB79138A68CtrueMicrosoft WindowsValid 23542300x800000000000000078077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.225{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=2D0961CE9FBE758674A6397F5046F1A0,SHA256=2D7F8FEFA83AEE8BFA5813B9672677B002ACCDC59EC09E7883AA95326656442A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.225{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B6416EA9A5CF12C6BCBFFD5DA8165DF8,SHA256=FD36F7E61C9D3F44AA74379AFA775FB0AD39F56B6BFBFC8B62100658B4589307,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.210{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x800000000000000078074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.158{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\scecli.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Security Configuration Editor Client EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationscecliMD5=BAA89268BE81CC61434688AD2D9640FB,SHA256=CEA9666B3CDCC33B2338B80D0DB4FFA0B12A78A5436FC311D78A4E7914F6EE87,IMPHASH=E8ADB2FA4DE364A13AACC7A2AB0A7DC7trueMicrosoft WindowsValid 734700x800000000000000078073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.141{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\wsecedit.dll10.0.14393.4225 (rs1_release.210127-1811)Security Configuration UI ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationWSecEdit.dllMD5=09E58C11C76F18E6710E3843C25CA3DD,SHA256=DC345CB26416422921B48185086FDB1545C3655CCAACE3DB9E9C571647DD8CCF,IMPHASH=7A899B1ACB52241546FFC5E0A7779E17trueMicrosoft WindowsValid 23542300x800000000000000078072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.131{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86BC14984C27D90C320960FE04D29B97,SHA256=A22DAC2FFCF3D74E9F84AA1AB184FDF9EA8F6462AB0869715556431C81F82A61,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.109{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000078070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.109{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\certca.dll10.0.14393.3053 (rs1_release_inmarket.190612-1836)Microsoft® Active Directory Certificate Services CAMicrosoft® Windows® Operating SystemMicrosoft CorporationCertCaMD5=8F23364460E12C9A157F88B9B4A86F2E,SHA256=51B5550668D6420C5DA988FEF83564DD9B4E911866EF4FC80748C8B219789F23,IMPHASH=2BEC012C7F0C624C5C5ADC500530215DtrueMicrosoft WindowsValid 23542300x800000000000000078069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.109{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0A81DBC0DCB0B3F0D664283698871388,SHA256=F45D4DF08F78D9916BE60D5C1B78BD94F02E3E0DE45E9C8766B266E4080A274D,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.097{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000078067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.097{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\cryptui.dll10.0.14393.3321 (rs1_release.191016-1811)Microsoft Trust UI ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationCRYPTUI.DLLMD5=7BA8C29986BA103E2353D405DCCB87D7,SHA256=E9FFD440B5318D65AC2A38125CC417C8F34C6344CA8D9251A8ABE74D14C518B8,IMPHASH=62620EF249FFBE3A3FFFCF86ECC0E8AFtrueMicrosoft WindowsValid 734700x800000000000000078066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.097{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\sppc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsppc.dllMD5=7CF84329545035CC0833119C7268A620,SHA256=49E3FA8B9F9ACB1A2CEDE37970361316C93286CEE7F70DE5985E7135498A4210,IMPHASH=BC4A2B9355432144727A5322381AB386trueMicrosoft WindowsValid 734700x800000000000000078065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.097{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000078064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.097{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\logoncli.dll10.0.14393.3808 (rs1_release.200707-2105)Net Logon Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationLOGONCLI.DLLMD5=B5C16F0A457DB3C7695AAC9EE7E3EE1E,SHA256=88764349C57E619C6D1253BB2F4AFB27DBD141E9EB9C12D445C20F7384A4F437,IMPHASH=FD7877EA3FC7D2EDCA1ADC932A5034BDtrueMicrosoft WindowsValid 734700x800000000000000078063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.097{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8,IMPHASH=B53F82B33CA6ABD6251152A46E5FF78CtrueMicrosoft WindowsValid 734700x800000000000000078062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.097{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000078061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.097{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\slc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationslc.dllMD5=060E11DCB875D981E948073986E295DC,SHA256=30858EA58F24537CC3369091F92AD70C59877BDB1FDF8DEC7762A7AB72DDE885,IMPHASH=70AAA0F56F084D1AE09EB5CD51B268ECtrueMicrosoft WindowsValid 734700x800000000000000078060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.076{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000078059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.076{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\ntdsapi.dll10.0.14393.0 (rs1_release.160715-1616)Active Directory Domain Services APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntdsapi.dllMD5=01AD803D409DC3C6582A9C519EB4B014,SHA256=C5A0873EC1223A67CE5980BB62F176FDF2E61BB54081CE004F479629413F27AA,IMPHASH=F054B0981CD29F6A35E7C04E22CBC1FBtrueMicrosoft WindowsValid 734700x800000000000000078058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.076{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\aclui.dll10.0.14393.2515 (rs1_release_1.180830-1044)Security Descriptor EditorMicrosoft® Windows® Operating SystemMicrosoft Corporationaclui.dllMD5=90FD7D609825CE93CC663E37DDBA1CB5,SHA256=C1F84D5A7F171C7FB4986E4E647BFB78F7E9D7DDEFDCD92EA5CAAB77AA7E11A9,IMPHASH=9939EFA70C5D79987E10B21C80592DAFtrueMicrosoft WindowsValid 734700x800000000000000078057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.076{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000078056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.076{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x800000000000000078055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.076{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\dsparse.dll10.0.14393.0 (rs1_release.160715-1616)Active Directory Domain Services APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdsparse.dllMD5=E9B5EFC173FDD55C00B2F28B8BAC144B,SHA256=0CA602484CD0E2C67091FCD60091608BF746B1D05B353DB9805D1CAE0ED09D70,IMPHASH=6FD21A38F62935B130604FF29AA3AFC5trueMicrosoft WindowsValid 734700x800000000000000078054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.076{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\imagehlp.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT Image HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationIMAGEHLP.DLLMD5=E1C665DC0FD5A7423B0C0F5325A1027F,SHA256=8B84BE9335EF640ABAA8E8BBA45C6BC77F2251359D4BCC157235CB4BC107AE69,IMPHASH=C88C4D131D277C03F0879B4E0D5679DBtrueMicrosoft WindowsValid 734700x800000000000000078053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.076{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=D8CD8451D1E194230F18866AD6EFE5E7,SHA256=9977AA1287962035C24DF806DDA67F09FFE9BDF696DBA507D749C624AE1C178D,IMPHASH=EC9695F0DF1F52E9D439A942DBDAA111trueMicrosoft WindowsValid 734700x800000000000000078052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.076{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\dsrole.dll10.0.14393.0 (rs1_release.160715-1616)DS Setup Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationDSROLE.DLLMD5=2A319EC8DF0FB5C46CF311B9D2B65B1D,SHA256=62B8900EFDF4B30E54E11232A8DA95DBF066DAEFD364A66EB99ADC028A3798F7,IMPHASH=E4AC0A0BD42B7356347D6A1BE150F6A6trueMicrosoft WindowsValid 734700x800000000000000078051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.076{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000078050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.076{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000078049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.061{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\CertEnroll.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft® Active Directory Certificate Services Enrollment ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationCertEnrollMD5=20ADB479CDAFBDFB60D8D6E0AD7D6588,SHA256=C1C86EE623A9BCA85CE4D6AD7DA9F75C18E62DA2341219FCF45A73FD0CF5123B,IMPHASH=4DD388EAD48B428D06DBB92F58C86A13trueMicrosoft WindowsValid 734700x800000000000000078048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.061{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000078047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.061{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000078046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.061{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\certmgr.dll10.0.14393.4169 (rs1_release.210107-1130)Certificates snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationCertMgr.dllMD5=3DA0529210995B257F9ED33CB14A2FC3,SHA256=A3EBA3CB56A57EFA43E9C49194F2FD41B81481F88062959BDC4DC3520416A309,IMPHASH=5657D08561EA9D97B13FA4C28661EBEEtrueMicrosoft WindowsValid 23542300x800000000000000078045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.040{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=803D1676B3A2EB49E14E10F421339AEA,SHA256=8C3487320619CD889EC224FA2E2AC341AB2AAE52DD64EB0B7554DA66E9F6B77F,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.024{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\wlangpui.dll10.0.14393.4169 (rs1_release.210107-1130)Wireless Network Policy Management Snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationWLANGPUI.DLLMD5=9E33E97A0FE466076D42D13F5635A478,SHA256=AEE7A26D0D10F949228D0C7D241CAC457663902B428AD30DDE594C56AADF77F4,IMPHASH=0D879D7637744E29F6C3E75CFEBC015EtrueMicrosoft WindowsValid 734700x800000000000000078043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.024{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\AuthFWGP.dll10.0.14393.2155 (rs1_release_1.180305-1842)Windows Firewall with Advanced Security Group Policy Editor ExtensionMicrosoft® Windows® Operating SystemMicrosoft Corporationauthfwgp.dllMD5=53317F9C457BEC2D5FF5B77DFFF77C50,SHA256=93C6ABF90D8A7E6502F85266BCCE9A27B2021ED02E0F64AFC6DA2F4591D15906,IMPHASH=92F2C0E6509696CC91467DCBAEDF933DtrueMicrosoft WindowsValid 23542300x800000000000000078042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:23.009{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=0F91DD7D3E681F1B789754648B7CB96B,SHA256=329C58A38D7FEE7A40BCAE28B3790A98C819BCA7AEE75849701F32354BC51441,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.993{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\eappcfg.dll10.0.14393.4169 (rs1_release.210107-1130)Eap Peer ConfigMicrosoft® Windows® Operating SystemMicrosoft Corporationeappcfg.DLLMD5=98CEFA645EB1E49E520DE83C80756469,SHA256=5DDFB12A86D6B8C674859C3F52A3C720DB0D6C26486DFCC062D36BFFE9345473,IMPHASH=AE4E90B7ED47E5CD4A726EC6204EBECBtrueMicrosoft WindowsValid 734700x800000000000000078040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.993{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843,IMPHASH=EAA4328F5E33714FA08C71E4AAE43CC1trueMicrosoft WindowsValid 734700x800000000000000078039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.993{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000078038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.993{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\eappprxy.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft EAPHost Peer Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationeappprxy.dllMD5=8859948D74C0CE993BD9FA2D7C816A0E,SHA256=E48867AD309BFBE43E4A2F6B702EF19656E1F9E65FC9F0DF179539BAD6BF338D,IMPHASH=5E19174AE1E573CB6B03FB1013388E28trueMicrosoft WindowsValid 734700x800000000000000078037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:22.993{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4,IMPHASH=B6A1A16A2B5E910045E998CD7709E966trueMicrosoft WindowsValid 23542300x800000000000000032859Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.928{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B4EC79F254A238D1F2F9220E353BF748,SHA256=5F9237963FEDB2E47D339558832F12F84FB6BC56352293BCFA9BD5AD7F13C010,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032858Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.928{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ACC554D550A5A930ECECAEAF69B2CECF,SHA256=498EFB9459BF3B5140E6D79807F62FDEA88124B34210F090AF4FFDDC44300824,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032857Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.928{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C50FC12E08B9DCD56C6E0867E8AF730,SHA256=1F85D8F1B51DD28049A3CEE71DD44F4D980A4CBAB2BB58DE4096D88F6AC134C9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032856Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.803{50946567-307C-60EC-4605-00000000DC01}1968752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032855Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.631{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-307C-60EC-4605-00000000DC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032854Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.631{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032853Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.631{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032852Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.631{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032851Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.631{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032850Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.631{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032849Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.631{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032848Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.631{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032847Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.631{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032846Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.631{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032845Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.631{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-307C-60EC-4605-00000000DC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032844Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.631{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-307C-60EC-4605-00000000DC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032843Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:24.632{50946567-307C-60EC-4605-00000000DC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000078190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.999{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=77D1E6B39B0A1A221E23209A8F10AE8C,SHA256=474B6C0D7F8D25F225DB55533706ED090DB77BCECB5926EBE5ED248B43748A45,IMPHASH=DB78A36AE0F862A9544AD9A5C272D7E5trueMicrosoft WindowsValid 734700x800000000000000078189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.997{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=90A1CD387F9CB30F86D34B88BFCD83A1,SHA256=5F6CE9777CDC7B0A0E98C90709C41C379415DBA654A39B332BB683A7F2B86E97,IMPHASH=07C997EFB887CE39B75B7896A20F5FFBtrueMicrosoft WindowsValid 734700x800000000000000078188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.981{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=9FEEEA412847864E044BBD2789C2457B,SHA256=359D3258E661357C768B1FBB885743E63D3D218FE7999D4A39FC8AEEF64B52B3,IMPHASH=16E2C81454E1F9301D6F8A9B1F5DB754trueMicrosoft WindowsValid 734700x800000000000000078187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.800{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=CA6447DDCA724F0C5C0CAFDE184EFE64,SHA256=F9664337B60A332571FCA81CC3E6DD194DCE20C8546980FD283CA892D0CC873C,IMPHASH=6E3C4DB87F2B77C788E86C1A678A8D0DtrueMicrosoft WindowsValid 734700x800000000000000078186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.782{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=A6F22CA344FD1B7D75D49ECC718693C8,SHA256=C7787F59263B7D5246B931531AB4DC4C430E1BF8260775B7A751D4994A5D3489,IMPHASH=689E2A5805AE9CF0919D2DDDDDC411CCtrueMicrosoft WindowsValid 734700x800000000000000078185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.782{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=5480D88484EFE8EB7EDB99E68CBCA337,SHA256=B555AD6480A30599CF27A818E470B25C9242AB80C94835EAE08B226854E630D7,IMPHASH=A7A8E1C7D8A348EDDDA81702A2FEC068trueMicrosoft WindowsValid 23542300x800000000000000078184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.720{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1738306AB8A2FD9198236450D1685F77,SHA256=1D4CAC6284C321AD40A77645A6666B6BD174B7B6F39ADAEC95B39736D8F43F04,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.702{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.701{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.700{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives Library (Wow64)Microsoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=0D7153433B25ABA6DF86FBC7FA543CBF,SHA256=C8DF43428EC79BEB384B2B2561A3D8FF98040ABBC760C35F99E1FBE2D04170BF,IMPHASH=61592743BFAEF2F12950E5420FA2AEB1trueMicrosoft WindowsValid 734700x800000000000000078180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.699{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=5E8336C79BE0C2F1080B575E434DD0E4,SHA256=FB7EB70237B5897F875CE8786C26E09F61120DB4A91376A65433EEDCFA634A11,IMPHASH=72645B79B3F36D7DD23879EC939355AEtrueMicrosoft WindowsValid 734700x800000000000000078179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.697{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=33E4F8ECEA33AC2AAB8C336A0C11AAA7,SHA256=EE44DEE528EB91D80BB3DE79DBDD7E135A51FD6EF2AF360B6DB8A3CB0C297D1B,IMPHASH=262CA12D79E6C3E8AF3B3D1DFFC16408trueMicrosoft WindowsValid 734700x800000000000000078178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.697{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\srpapi.dll10.0.14393.4350 (rs1_release.210407-2154)SRP APIs DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsrpapi.dllMD5=A2E7DB9004B5F149FEA6776FA9C7A9F3,SHA256=C62D701FF9A54CEFA5629F904470D4664A41598270A4952B7A60E542D7A87AED,IMPHASH=8F303613138642A89948D086887F818CtrueMicrosoft WindowsValid 734700x800000000000000078177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.681{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_c58df2c997bddaf8\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=9BA49461346F5B2DAFE81E401E884241,SHA256=297B46C95521B8EB59B3793F0ED2736F39C495D2C3D622638EE9205F53E69EFD,IMPHASH=3546967BD7A83D49718BE45FB48403B5trueMicrosoft WindowsValid 734700x800000000000000078176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.650{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A5DBC147158A0FFB44246C9452A1C9E1,SHA256=D7763F384F902F00980FE6A2ED0F254AF0539B66AAABFF64413B0D17606000A9,IMPHASH=CAC6B3339C5CAA083E24A4484EE86E29trueMicrosoft WindowsValid 734700x800000000000000078175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.634{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=F6B687A32ABAE8BE3B02C122B58D952F,SHA256=DF763BDC4348BBEA93375263BF88E0BCD1267C58FC0F6E994F6D778D302DDE85,IMPHASH=60EA58ED63BD25EC1709F72F112B0086trueMicrosoft WindowsValid 734700x800000000000000078174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.634{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=7BC54AA66588A3DF7B1448A4493C6663,SHA256=9CB1BA7C092164DAA14E21454606905E294D137AD72158F92A666077D7CF1946,IMPHASH=2DCB08A6E31A83C3EA33C5793EFA9A56trueMicrosoft WindowsValid 734700x800000000000000078173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.634{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=0D885953D657434CA5015545A364BDB9,SHA256=1D29921E136F84B4CA9F1EBD646CFFF4571EA805A6CC5BC1F7C7784CC3246088,IMPHASH=76F056ED62EDF4D48793D8C5EDA733ADtrueMicrosoft WindowsValid 734700x800000000000000078172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.619{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=7CAAFE27AECA4ED69CC960438C1B5757,SHA256=725B17A1DC08013337B50D4E0A6E332CC4C30F164383DF2ABBC735001C834F2C,IMPHASH=BFFFEC36C21D417AD54A3AB3D4E7EE22trueMicrosoft WindowsValid 10341000x800000000000000078171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.619{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.619{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.619{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=E1A1B98F2AD180FA2117A56D869E5830,SHA256=2D9711E9D549CCB441EF21F72F08FB4EACD5F2990193C6FFFC7E7AC92FA6E670,IMPHASH=1FCD5DF5B3D97346B0A828B1CFDB1ED1trueMicrosoft WindowsValid 734700x800000000000000078168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.603{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=2BDBEE1B42063F245AC86F54C236BC4E,SHA256=CD558E008DA76E171FC9B8CF87556353330D7B7BF593B5074E4FEB08BC14CFC6,IMPHASH=6FE75EB0A263DD16629B09AECE416B36trueMicrosoft WindowsValid 734700x800000000000000078167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.603{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=4BA1C50E6607AE70495B58874963B901,SHA256=72BBBB4145E058C3B12504AC0EC128CD44E282D40959D018192899276A2B9C69,IMPHASH=9F60CD6001B5CEA647B250DFF3B6F65AtrueMicrosoft WindowsValid 734700x800000000000000078166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.603{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=0FDEB9236FF287E329F2EF155BA8AE56,SHA256=5F0C2A29312C82D14B8B42D2B6AAFEB82EBAD20822B603FD162E6AAF39B06C95,IMPHASH=2D7046CEF5DEEA9D960D37CB0A98F146trueMicrosoft WindowsValid 734700x800000000000000078165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.600{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=F169BB178FFF9EF0E90CF23D07F1B57A,SHA256=1A28934762F0FB587D63FBCD755198F9E660D38F49A7C85C976EB8FF646F2B67,IMPHASH=25AC4D4B6BEA6260ADEE864A6D475575trueMicrosoft WindowsValid 734700x800000000000000078164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.581{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=203F58BA41B48A59D6A047E0233DB422,SHA256=4204F7C2B4E13AA3819A180FACA724435F6400FE97D2EF6C74634A0D7E51F7F3,IMPHASH=EA6E499F92F9040E9609EFDC47BE01FEtrueMicrosoft WindowsValid 734700x800000000000000078163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.566{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\winhttp.dll10.0.14393.4467 (rs1_release.210604-1844)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=F5FF215A5AE295644FE12BEAF6B75D00,SHA256=714EEB3B620CC9E368813728B1D247684519A3181211CDB5FCC37451F9BC2B96,IMPHASH=F90F73E985A4791F34FE3574D5616CACtrueMicrosoft WindowsValid 734700x800000000000000078162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.566{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=AF2A9437F3AED2E8254B7E1EB6E96782,SHA256=D8F3C957BDBD9DB510E71B07CDE1B446491D4DC520787548060B3AAD1324C62A,IMPHASH=5D2578ED274AAD83C30A3917C98404EEtrueMicrosoft WindowsValid 734700x800000000000000078161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.566{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=318804DFF282AE5C2FEF5577057CB913,SHA256=A65C5C3F38A793F0C59C1A4553940D6D236CE2BC3380898E865BF0E1F80FEE8C,IMPHASH=5D92B73B6930EFBC71A36B7FEF62DF62trueMicrosoft WindowsValid 734700x800000000000000078160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.550{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=CDD32AC585A458B6B2BC777FACF83BA4,SHA256=6A6D1362633319BA3E2D389A70827D0B5802C5EA9DD5CA723AEA6DBF65713426,IMPHASH=E698C8E2E06172CDB524686FF10A5C5EtrueMicrosoft WindowsValid 734700x800000000000000078159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.534{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=E9E209227AF7EFBFDAAA0B932251486D,SHA256=639DD063669F506790DA8C940E3BEBE4F7CF31668260F94CF5A67C93021D2BDF,IMPHASH=25AFDCBDCE8BEB6A7109D378495BE552trueMicrosoft WindowsValid 734700x800000000000000078158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.534{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\mshtml.dll11.00.14393.4467 (rs1_release.210604-1844)Microsoft (R) HTML ViewerInternet ExplorerMicrosoft CorporationMSHTML.DLLMD5=C6C25E7A5D01FD9147D482CD834999E4,SHA256=AB08074A7B8F0F23EF24CAF00654510E7F89F8B31E5F57A7E059ACFAB34F4C29,IMPHASH=C4387C261B588A5F35A1A681C1322E08trueMicrosoft WindowsValid 734700x800000000000000078157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.365{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=FD246A07CED3BC52C91E4CE7F149B814,SHA256=643D290491BB7D0137CAD77B3DB612D69A6EC7AFE9C411D438C3CA1769F1EECC,IMPHASH=9A9F70B5E6DDB8F96A677E91AE1F3A7DtrueMicrosoft WindowsValid 734700x800000000000000078156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.365{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=5E8336C79BE0C2F1080B575E434DD0E4,SHA256=FB7EB70237B5897F875CE8786C26E09F61120DB4A91376A65433EEDCFA634A11,IMPHASH=72645B79B3F36D7DD23879EC939355AEtrueMicrosoft WindowsValid 734700x800000000000000078155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.365{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=33E4F8ECEA33AC2AAB8C336A0C11AAA7,SHA256=EE44DEE528EB91D80BB3DE79DBDD7E135A51FD6EF2AF360B6DB8A3CB0C297D1B,IMPHASH=262CA12D79E6C3E8AF3B3D1DFFC16408trueMicrosoft WindowsValid 734700x800000000000000078154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.334{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=77D1E6B39B0A1A221E23209A8F10AE8C,SHA256=474B6C0D7F8D25F225DB55533706ED090DB77BCECB5926EBE5ED248B43748A45,IMPHASH=DB78A36AE0F862A9544AD9A5C272D7E5trueMicrosoft WindowsValid 734700x800000000000000078153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.334{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=E3851CE4A433475612CB0E1552A733E3,SHA256=F391BAA7AFF5734842737FC1B4C58856BA5E409A7B97C037995F0F26150A85FA,IMPHASH=6DF3E31673D2CCEDABFBE5A79390B72DtrueMicrosoft WindowsValid 734700x800000000000000078152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.319{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=F058FE3C5E3DEF875A654A18551D88E5,SHA256=78DC0394AA359DBD2EB8BE7F13FEDF0478C8AA55785712B358FAC1C97D051B87,IMPHASH=44F906D172B935DEA0C5D038C6FA8449trueMicrosoft WindowsValid 734700x800000000000000078151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.319{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=8E944CBA7B0993C79E9AFD7A98731F0A,SHA256=4C377F857E4ADF55949D88F4CC4A0B7A38268532284ECD1331C25F4C29E2EC71,IMPHASH=7E0E904C0FD68DBF5F794D700C0C3C3DtrueMicrosoft WindowsValid 734700x800000000000000078150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.303{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=294BC43051C27ADB96A957A6FB9448BE,SHA256=9564D3F69345F9883161007F2E26298FD377B023D1D46C0AAE9821B4B26A74B3,IMPHASH=B1175218A8304DF3BD6BF43A45EE8073trueMicrosoft WindowsValid 734700x800000000000000078149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.281{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=7B019DFD62509B244C4A11809F595C07,SHA256=2E879BBDC7C215041617FC599FCBA8C474F99E27B8333EA4DCA4854FE738F22D,IMPHASH=918DADABE6E41CFBB03F954A46D3F72EtrueMicrosoft WindowsValid 734700x800000000000000078148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.265{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=3D4308BAC53B881B16D9BD1006ABDC65,SHA256=26DF85FC22F9FCAA2212CB66612FE8F5CC6382953FE81B9C34128E43080C7891,IMPHASH=C7D6B46400E43E7BE538D1CCB512EC25trueMicrosoft WindowsValid 734700x800000000000000078147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.265{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecurity.dllMD5=580643DD40890B231399EA5F57EFAA70,SHA256=0B374B1825ABFF7B26170E75F1B638DF08A15B07660A7DF5533F02853CF266C6,IMPHASH=AC11100B3FFA7FCAFA188E618E4C7CC1trueMicrosoft WindowsValid 734700x800000000000000078146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.265{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=990CA13B9FE19A5A611F77B333BC9AAD,SHA256=EC3960CAABA4FC0287601311BDCC14D472A165DA7C43F88665D984CE1A0B7DE4,IMPHASH=EED74FF36259DAC3FFC7675209FEED89trueMicrosoft WindowsValid 734700x800000000000000078145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.265{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=3394E4EEB4851D80DD7548EC87EAEA5F,SHA256=7F670ACCE58EAADE796FEF335B4EAEAB66DFC47875219B9BE3C9B405A452450B,IMPHASH=C3B61C1F5D46A607D624033E7094E4FFtrueMicrosoft WindowsValid 734700x800000000000000078144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.250{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=F3B7F231407DD207CABC94C9347984AC,SHA256=053A1D95EEB426416278D2AD7D584FDD984A8B445CC88B46785AB8666383FB0B,IMPHASH=B5CBF1B1B5086E2C500FD84325E04D44trueMicrosoft WindowsValid 734700x800000000000000078143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.250{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A1EDD29F959E38F8AE4AF9B5CDD2B534,SHA256=CE5ECDC3BEFA2DC8C826A697EAC6CDAC12753258315701130CDEDB19D24DBC75,IMPHASH=8B861EA72FDD6FC722328B2746B13380trueMicrosoft WindowsValid 734700x800000000000000078142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.234{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=E3B7B5531159A395AC63B7EA256FE7B6,SHA256=B631E93E271E706E0204B606D7851ADF7E65FCA04ACDD73103F0754A9C01007E,IMPHASH=6E1D0A92C1917EFBFC1EEA82FA5E155FtrueMicrosoft WindowsValid 734700x800000000000000078141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.218{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=E0C87CF8838DB8C6DBD24A708FCED51B,SHA256=0616E630C7F8E116CE43390638C9CE99209556662C2BBDF5845F1CD03E1C6C4E,IMPHASH=EAF4CC449835E7A81A8EEFEBEB2E8FC7trueMicrosoft WindowsValid 734700x800000000000000078140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.218{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\wow64cpu.dll10.0.14393.3503 (rs1_release.200131-0410)AMD64 Wow64 CPU Microsoft® Windows® Operating SystemMicrosoft Corporationwow64cpu.dllMD5=C1F2078639481364EA3FDD10CBEB1A18,SHA256=B63E6DC0B3D7ABA9CB95929A1A360208A570CB2072474276F649B68F1AC8DC82,IMPHASH=15CD876FB3F6EC97A2F7466360415F86trueMicrosoft WindowsValid 734700x800000000000000078139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.218{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000078138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.218{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000078137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.218{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=E0C87CF8838DB8C6DBD24A708FCED51B,SHA256=0616E630C7F8E116CE43390638C9CE99209556662C2BBDF5845F1CD03E1C6C4E,IMPHASH=EAF4CC449835E7A81A8EEFEBEB2E8FC7trueMicrosoft WindowsValid 734700x800000000000000078136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.203{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000078135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.203{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\wow64win.dll10.0.14393.3383 (rs1_release.191125-1816)Wow64 Console and Win32 API LoggingMicrosoft® Windows® Operating SystemMicrosoft Corporationwow64lg2.dllMD5=62DEBA17D0A26B352F1C3F02144BC6EA,SHA256=5A1C08FE318942CB31048DBD641E25610DE842E34470B3E54FEDCA4E2642D4E0,IMPHASH=3045357B61B63AEF6CBCD96F2FA7E9D8trueMicrosoft WindowsValid 734700x800000000000000078134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.203{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\wow64.dll10.0.14393.3503 (rs1_release.200131-0410)Win32 Emulation on NT64Microsoft® Windows® Operating SystemMicrosoft Corporationwow64.dllMD5=447615F19DAAFF9C308370C59F493BF8,SHA256=45ED2009CEEB249BBF518B958AF02B97E667DB68C9B6D65642E69E9B0300CF5D,IMPHASH=03B9E38A9E88FDC66380837CCC8647FAtrueMicrosoft WindowsValid 734700x800000000000000078133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.203{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=57015A39A73789DC7171F4F6B211AC32,SHA256=3ED6D5A7095A141DCF234926EE0274FDA627C2829607DCE0F7604B7C683067E9,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.181{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.181{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\mshta.exe11.00.14393.2007 (rs1_release.171231-1800)Microsoft (R) HTML Application hostInternet ExplorerMicrosoft CorporationMSHTA.EXEMD5=A65AE0DB1DAA6B07C89DCC1E21D3EB42,SHA256=5B6429B98ADF532E6F694C9A6CD1A1943B4AA3D5EA524D4FB353939FD9C61342,IMPHASH=79925B1930721457F5E11BF877806843trueMicrosoft WindowsValid 10341000x800000000000000078130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.181{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.181{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.181{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.181{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.181{8057F119-21B7-60EC-3B07-00000000DB01}55126756C:\Windows\system32\csrss.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.181{8057F119-307A-60EC-2F0A-00000000DB01}51488604C:\Windows\system32\mmc.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+5fc62|C:\Windows\System32\KERNELBASE.dll+5f7f6|C:\Windows\System32\KERNEL32.DLL+608d6|C:\Temp\test.dll+1081|C:\Temp\test.dll+134f|C:\Windows\SYSTEM32\ntdll.dll+1859f|C:\Windows\SYSTEM32\ntdll.dll+71d1e|C:\Windows\SYSTEM32\ntdll.dll+71b6b|C:\Windows\SYSTEM32\ntdll.dll+2d7dd|C:\Windows\SYSTEM32\ntdll.dll+18b4d|C:\Windows\SYSTEM32\ntdll.dll+1512d|C:\Windows\SYSTEM32\ntdll.dll+11c4c|C:\Windows\System32\KERNELBASE.dll+25b2f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+a8937|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+a868b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+525ab3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+525eff|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+5289ad|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+4f2242|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+4258c9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+13e9a7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+13916f 154100x800000000000000078124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.185{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe11.00.14393.2007 (rs1_release.171231-1800)Microsoft (R) HTML Application hostInternet ExplorerMicrosoft CorporationMSHTA.EXEC:\Windows\SysWOW64\mshta.exe C:\Users\Public\EVIL.htaC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-307A-60EC-9AE3-870000000000}0x87e39a3HighMD5=A65AE0DB1DAA6B07C89DCC1E21D3EB42,SHA256=5B6429B98ADF532E6F694C9A6CD1A1943B4AA3D5EA524D4FB353939FD9C61342,IMPHASH=79925B1930721457F5E11BF877806843{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exemmc gpedit.msc 734700x800000000000000078123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.181{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\vcruntime140.dll14.28.29913.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=ADE7AAC069131F54E4294F722C17A412,SHA256=92D50F7C4055718812CD3D823AA2821D6718EB55D2AB2BAC55C2E47260C25A76,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x800000000000000078122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.165{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Temp\test.dll-----MD5=BAD072DD3BD7B46B8C7BD7D27569D9D5,SHA256=25EC6A50C36ED42C4AEC92B0DAD67F49DD39ED10C9048185AD72F2FE4816E5C8,IMPHASH=3DA185B95597422D5F87D0C5E8C33CC7false-Unavailable 734700x800000000000000078121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.165{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\vcruntime140_clr0400.dll14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140_clr0400.dllMD5=63936588122BDEE9624D02CE3F8F54EA,SHA256=21F7E6165CE8DD92DB8CDF48CEE83DE64B2B0807B7B499CF87678B70C6F8C32F,IMPHASH=CD244BF7A749BF0B13E038D2EE842BFCtrueMicrosoft CorporationValid 734700x800000000000000078120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.165{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\ucrtbase_clr0400.dll14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationucrtbase_clr0400.dllMD5=F8F171BE1820544E15B555847005355C,SHA256=CDDF9A2BF085AE59BA464B3BA6394AACFC342DA5F17D77FD5306054C8AABF153,IMPHASH=0524DC27AA10ADA72FFB6F88F5FD8829trueMicrosoft CorporationValid 734700x800000000000000078119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.165{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll4.8.4380.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Common Language Runtime - WorkStationMicrosoft® .NET FrameworkMicrosoft Corporationclr.dllMD5=70694DB5ADC4C766A3572886DE86A9C8,SHA256=C81FD948E0CFF4961674B068D157DBB196328348202C1CC3BD08C1E4D1203036,IMPHASH=6851068577998FF473E5933122867348trueMicrosoft CorporationValid 734700x800000000000000078118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.066{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll4.8.4180.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Execution EngineMicrosoft® .NET FrameworkMicrosoft Corporationmscoreei.dllMD5=899A8B655E52A061B33571D97C5C06ED,SHA256=DE05B03E37FB9BA5D74CF8FA36A6F0B15AB61705285B738BC90D14FDE580A45E,IMPHASH=005299FA213F652A596AC31760C5340BtrueMicrosoft CorporationValid 734700x800000000000000078117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.066{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\mscoree.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft .NET Runtime Execution EngineMicrosoft® Windows® Operating SystemMicrosoft Corporationmscoree.dllMD5=5ECE402D7E12EC3750D044BF3D878DF6,SHA256=3F02B1AE7B61BC36B04EA2B82ED79F112219F4E9668518030FF14B005E2C9BBC,IMPHASH=12E8F895FFFE1065F24D148EC1ED3096trueMicrosoft WindowsValid 734700x800000000000000078116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.050{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\MSWB7.dll10.0.14393.2791 (rs1_release.190205-1511)MSWB7 DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSWB7.dllMD5=5C7C3EBF7A50560DE37B750F3BB0F2B2,SHA256=227474B4306F6FA4F4A7EC5DAE2E91104BA6A156E31BDAD4B82D2E5426A53729,IMPHASH=A39738A99E764D3F4E439E2498C99B04trueMicrosoft WindowsValid 734700x800000000000000078115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.050{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\AdmTmpl.dll10.0.14393.3986 (rs1_release.201002-1707)Administrative Templates ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationAdmTmpl.dllMD5=E1CF1CD067E3C0C53A0F2A1544524688,SHA256=0A1644529D587272E6FCE0257AE061F223BFB958618D76D7CC5F9EF66011803F,IMPHASH=D6275993A6AA40AF4EF7CB35C64D34A3trueMicrosoft WindowsValid 734700x800000000000000078114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.034{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\msi.dll5.0.14393.4350Windows InstallerWindows Installer - UnicodeMicrosoft Corporationmsi.dllMD5=DEC633243BDCEAD0E3BDDDAFBC933F02,SHA256=FC9AFA9CDD6ECC1194C1532F37AF6FEE9E888DC5D2056BCE0C59538A389FC9DE,IMPHASH=702DDC1509DE604C8D612A66E9E39DACtrueMicrosoft WindowsValid 734700x800000000000000078113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.034{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\gpprefbr.dll10.0.14393.4169 (rs1_release.210107-1130)Group Policy Preference BrowserMicrosoft® Windows® Operating SystemMicrosoft CorporationpmbrowserMD5=C6F7D269250C984166912CE18E1E7083,SHA256=CFF659257BB3B45AABBB11D5D9930FB83EF30CDB168F1DFFCD226AFEE335C258,IMPHASH=B95C208D652CA4ABD1753B600C50E7D3trueMicrosoft WindowsValid 734700x800000000000000078112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.019{8057F119-307A-60EC-2F0A-00000000DB01}5148C:\Windows\System32\mmc.exeC:\Windows\System32\gppref.dll10.0.14393.4169 (rs1_release.210107-1130)Group Policy PreferenceMicrosoft® Windows® Operating SystemMicrosoft CorporationgpprefMD5=FEBB503E16009EF67E2B39B076AFAB19,SHA256=2C8B648BF4325C9E5A46DBC9075E2BD37A6E649153E7F97E42B1518B5F0B8CF0,IMPHASH=B574852D0C9D30D215A9F05463D02F7BtrueMicrosoft WindowsValid 23542300x800000000000000078213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.666{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5853A313A1D1F651240B6A5032A7605,SHA256=987DFBDC910CCBEF48291284E1F618EC8916875BE1480A36886D2FE13461F969,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032891Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.835{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A81-60EC-1300-00000000DC01}772C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032890Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.835{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A81-60EC-1300-00000000DC01}772C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032889Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.835{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A81-60EC-1300-00000000DC01}772C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032888Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.819{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-307D-60EC-4805-00000000DC01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032887Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.819{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032886Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.819{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032885Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.819{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032884Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.819{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032883Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.819{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032882Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.819{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032881Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.819{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032880Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.819{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032879Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.819{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032878Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.819{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-307D-60EC-4805-00000000DC01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032877Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.819{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-307D-60EC-4805-00000000DC01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032876Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.820{50946567-307D-60EC-4805-00000000DC01}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032875Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.632{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B4EC79F254A238D1F2F9220E353BF748,SHA256=5F9237963FEDB2E47D339558832F12F84FB6BC56352293BCFA9BD5AD7F13C010,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032874Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.569{50946567-307D-60EC-4705-00000000DC01}16641688C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032873Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.303{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-307D-60EC-4705-00000000DC01}1664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032872Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.303{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032871Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.303{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032870Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.303{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032869Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.303{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032868Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.303{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032867Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.303{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032866Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.303{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032865Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.303{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032864Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.303{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032863Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.303{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-307D-60EC-4705-00000000DC01}1664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032862Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.303{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-307D-60EC-4705-00000000DC01}1664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032861Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:25.304{50946567-307D-60EC-4705-00000000DC01}1664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000032860Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:22.419{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51617-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000078212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.234{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.234{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.234{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.234{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=95A1BA1B908C04EE471AAB365D557FC4,SHA256=5EAFA5C8125CE0A4C69238F28E94E9DC96ECB2474CF429A1BA4C56233D32EBFE,IMPHASH=781D96AFC4A43989716F0476826C7E94trueMicrosoft WindowsValid 23542300x800000000000000078208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.201{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86BC14984C27D90C320960FE04D29B97,SHA256=A22DAC2FFCF3D74E9F84AA1AB184FDF9EA8F6462AB0869715556431C81F82A61,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.181{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=A8286DA670839BD4D3B828E5DCE2D579,SHA256=9A039B35434ED287DBB4F23906E07ED81BB3AF62F01CC31842D1B1E8387C4AFD,IMPHASH=351F646C1B9736015D0FFEFB86A4D807trueMicrosoft WindowsValid 734700x800000000000000078206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.181{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\DWrite.dll10.0.14393.4225 (rs1_release.210127-1811)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=EC928387A1AC55B0BCC65F0FB64657D7,SHA256=9E719F529FD3CE2014E17ADA83FEBB5DF3DA533E93192739324EC698EEEF489E,IMPHASH=A304C1ECFEFBD3A520A9945E2188D759trueMicrosoft WindowsValid 734700x800000000000000078205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.165{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=B8A5106696E9FFE0CBA9A5F83C146DE9,SHA256=0CFFE15440453F2A67CB55D62A9044FCB6451149CBA5B98D3E9F265768D09EEB,IMPHASH=A885832D78ECD46B400AC0EF19CF0ED0trueMicrosoft WindowsValid 23542300x800000000000000078204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.102{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.081{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msls31.dll3.10.349.0Microsoft Line Services library fileMicrosoft® Line ServicesMicrosoft CorporationMSLS31.DLLMD5=B2911DEDDF06CA1AB66C810EB98AA503,SHA256=B8FAC47D96B3577104AA20C84E532024E4B8D7A7B222E715E7FBC368151E34D3,IMPHASH=B42CEEFC5A11B8C6A930DBC4E521CD36trueMicrosoft WindowsValid 734700x800000000000000078202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.081{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=456D1A9554B75F666045F322BAEEE209,SHA256=F527B223EC94B35867641F6CDDE68B0D18048794B4837D600DC6F2DF44C17D18,IMPHASH=D3851D2627EE20865D40A6CE93CA8A17trueMicrosoft WindowsValid 734700x800000000000000078201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.065{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=19BB2A2206DA49504383900559339A32,SHA256=4DB5ACF98CD3E789E9DECD82BA6637452A236207E93C3E38B85F373965E457B8,IMPHASH=4453AC692845F7F4429D6DD3ACF00D0EtrueMicrosoft WindowsValid 734700x800000000000000078200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.065{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=50FAAB33B35115D94D3442FA90B0574B,SHA256=922F64661B34B37D35D11CB89611CD5BAE3907FDF56C782D9C67597F330F4D33,IMPHASH=3C84DC322121BEDBDD23AD37D5500FFCtrueMicrosoft WindowsValid 734700x800000000000000078199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.051{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=71488B2A3FEEE42631F968B08ED0503B,SHA256=2693217FA5F2A259F10D580B4AB95787ECB30B2DF16EF98631EF9D4B3DC62564,IMPHASH=37239F56D3864617C4EFB2A5F460F097trueMicrosoft WindowsValid 734700x800000000000000078198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.034{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\DataExchange.dll10.0.14393.4169 (rs1_release.210107-1130)Data exchangeMicrosoft® Windows® Operating SystemMicrosoft CorporationDataExchange.dllMD5=D238A301AE8EFABD029CE5C9B7777BF0,SHA256=FBB2B864831D5F0F71E1D0167B4EDD4FACB62BFD7913C465F4E291B868120163,IMPHASH=D87E30B18F53FE55C5B018AF0882ADC7trueMicrosoft WindowsValid 734700x800000000000000078197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.018{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\sxs.dll10.0.14393.4169 (rs1_release.210107-1130)Fusion 2.5Microsoft® Windows® Operating SystemMicrosoft CorporationSXS.DLLMD5=574CE73F5F8AEE6C2219547BC8DC88A2,SHA256=68B28AF187AFD6453173D1DC09C9C11CF10FA886FD5877B83170CAA3B0706784,IMPHASH=36E120EA05F8714D20693A7DA02D7326trueMicrosoft WindowsValid 734700x800000000000000078196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.003{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\oleacc.dll7.2.14393.4169 (rs1_release.210107-1130)Active Accessibility Core ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEACC.DLLMD5=0C5492DFFA271BC1912BADFEBB497907,SHA256=536C445B9D489749547FAC1D0B01AF7F430BBFE31BCD2924E7DB3BFE66785452,IMPHASH=91DB2465A9EA36C5C01315C79E4EAD5AtrueMicrosoft WindowsValid 10341000x800000000000000078195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.003{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.003{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.002{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msimtf.dll10.0.14393.0 (rs1_release.160715-1616)Active IMM Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSIMTF.DLLMD5=AFF8921E40DF47A2938819BBB13E0CC5,SHA256=2E521B9BF27F9EC3D0C077AD1D21915240BA5D2A7F3D64E85687E8A38DD6E5A6,IMPHASH=61FEC0F2740D3463B3883EC575978A0EtrueMicrosoft WindowsValid 10341000x800000000000000078192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.002{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:24.999{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=FD246A07CED3BC52C91E4CE7F149B814,SHA256=643D290491BB7D0137CAD77B3DB612D69A6EC7AFE9C411D438C3CA1769F1EECC,IMPHASH=9A9F70B5E6DDB8F96A677E91AE1F3A7DtrueMicrosoft WindowsValid 23542300x800000000000000032894Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:26.835{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=92B8BD5A1D9DF3F372C084C2ED791F4E,SHA256=B8EDE0B6FCA2BFB5300D710CA29D6662D2AABFD65D6C8DBCC3855B5D4CF8FBB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032893Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:26.647{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24F229E7658F5F4F740C93F0DFA403A5,SHA256=5A9B7D4FB16E043DDCBF65D14BFA34D68792AFC597EE5D37CF4E1A30381C1B11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:26.681{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=353A45B6E8F0B071E7979A1283625479,SHA256=0051673611C2217CD117606087E42E9D358E8480CB2A229F4520EED8CFEC4AB7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:25.217{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63426-false10.0.1.12-8089- 23542300x800000000000000032892Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:26.053{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6ED4029B52A17463373894285EC7597,SHA256=81B3FD70A96D9B0029741BCDBCCCA0915AA143B59F866A6559E8AAD3FB9C22FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032895Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:27.881{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68416F345A6AE3E57EE77175C70EBD31,SHA256=6B3D6ABF72E04CB90096AD0C68DA7225784D65F1436229ADB89B17209D89C87D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:27.718{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28266FC6A83BBE1F17365D81856C9942,SHA256=65EFD2DAF4890A7349AC8E197C5E1D6DDB49DC6663DDBC93231AC2B80D94CFDB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032922Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3080-60EC-4A05-00000000DC01}2932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032921Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032920Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032919Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032918Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032917Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032916Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032915Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032914Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032913Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032912Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-3080-60EC-4A05-00000000DC01}2932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032911Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3080-60EC-4A05-00000000DC01}2932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032910Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.913{50946567-3080-60EC-4A05-00000000DC01}2932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032909Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.897{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B495A51251D2879144A289A1ED12E7E3,SHA256=17E54537057151D07A7AC76E72154568E92C8DE101B3E5790CAACF79B920A23B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:28.719{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EA42609E22C86B7DFD8AB7AE359CA5E,SHA256=369C2A70B0DB268A13EADD851EB068689E37B70D0FBC57BAA440198512A5F515,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032908Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.241{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3080-60EC-4905-00000000DC01}2916C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032907Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.241{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032906Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.241{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032905Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.241{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032904Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.241{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032903Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.241{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032902Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.241{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032901Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.241{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032900Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.241{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032899Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.241{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032898Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.241{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-3080-60EC-4905-00000000DC01}2916C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032897Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.241{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3080-60EC-4905-00000000DC01}2916C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032896Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:28.242{50946567-3080-60EC-4905-00000000DC01}2916C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000078228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:26.334{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63427-false10.0.1.12-8000- 23542300x800000000000000078227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:28.434{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=C9CE1DF3C3A4CB76DEC381F83F816760,SHA256=AAB1B3C5B4FCE56EA4A78EEBE673785698FFA955ED883795D033FC6036830E2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:28.434{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=182BF6AF9EE67E87FF85C0532FFDB2F4,SHA256=6464BC8FEA771037D52306959432A1EA593AEF2E84D2A390C8DE3E3426EA8087,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:28.434{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5F7ECAD19F96BA79F20CCAAC24F5971C,SHA256=3E6BDACE713FEB32DFC995155FECCD6767502E58DE04B41DA09FABBFC35AAFFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:28.434{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=F6113B9DD217360C523C4F2FD5312162,SHA256=7A41C01027CB4A2FD8A8AE873B061FEFA7046A4253B17D805B6A35178B395E86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:28.434{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7AFC0D3D9CE54318031DE1722D815B6C,SHA256=36678842AC57FF1FFC153E2A65F12F29BCB6FC7AB833E13CB8324AB6908DD110,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:28.434{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E4C1EC012A62936CC30A26590BBD8A54,SHA256=A5120355B7840B65C4B2636CF36A474AE4FAA6600442489B53BD4503465202DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:28.434{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=987951CC8A45DA5BDFB78D8684DB6F81,SHA256=E44E5A23407341ADC9815018581A94EB2A6CEAC24951173017089312DDA3A98B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:28.434{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=D95A447BF785BC36EFA3C92DD124B7DC,SHA256=4CABCF7CC9082EF083C8C203DEFE897841781386D6F154560AE2D9103687D841,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:28.434{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=43629717794B972906407838F8AE39FB,SHA256=1D9D04FB1F6AE3746A782DDF3639807C8193D6ABE50191F1523C90DD82BA7514,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:28.434{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=BDA9BC8278FC1A95A677D01DECDA2F71,SHA256=66773AB824416CBDAEC568572F0B9B0C35F48FEDC53CBB860D4084A5649FE849,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:28.434{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5A2C199615F5899606CCB9CAC2A63EC7,SHA256=805B24D2F1F3753E658D69BB9C967012DAF48C69F59EDDDC7705B2D4F35BFC06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032925Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:29.928{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDA3EC5F2CA08C9A85E55E38BABE0A21,SHA256=8F62E0B8CFF8D858A245898FD2F505680029EBD6211643825D845AAB02F2FC58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:29.734{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EE4BE15A3DED0EF71EB90C8B3F3E91C,SHA256=CBDD6043893881BA2F22A5781B2313A2DB9766F99FEDFCABB6B293F6EFDB095C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032924Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:29.241{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86E79DA346C070B8ED7E00F4C3371C5D,SHA256=405A589BC29E9C3ECD000C257607FB697434B0ABA0A272DC09B3C74565FCA82D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032923Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:29.085{50946567-3080-60EC-4A05-00000000DC01}29323784C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032927Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:30.944{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D15D21D897A98B37D0F100AAC5B32F5,SHA256=D718FF8A12ED07DE54AE9FB5A0949A8965680993D48EAADD6550DFE54D0F7212,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:30.749{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25B6D4343A68CB87CE31B2FBF7DFE129,SHA256=3D18840B2EBE27A4D9D4234B9088F2CFC1FCC7068A96FB1AE40F009F149BE6A8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032926Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:27.575{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51618-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000078232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:31.780{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A210D3F095307AFCA8351BD175193130,SHA256=C03115C7B95B00BF2AE014F4A6E1B33CFAD3AF4A39819E8CF94723E9D41EE7BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:32.781{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B2421731C15824B90E18D53E71A2162,SHA256=8778BA161480ADB0E53A2E55879FC620DD7F9D180C55511B996BEC7B66470464,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032928Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:32.006{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16872A6E46E9B417F2DA2B186237882B,SHA256=95743D568B189DB5F0F2CAE36AE84DCFB6CD8B201506F019CCBA94489BA098D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:33.799{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E350DCD6AFC6BE583CF1F71574E94F79,SHA256=AAF271E67033D67979749A4F430F336061AD200D762FB588F6F1384413C34022,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032929Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:33.225{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED3852E1CBE24016C36172F1E718763D,SHA256=E61D6D87D38B042F511E197E36D2E78C7F142C5D39E60293084E941B9D116A74,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:32.333{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63428-false10.0.1.12-8000- 23542300x800000000000000078236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:34.816{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3C031216DE2C6143C6719AD7AEB0BB3,SHA256=090B5C2674400068C2B45CA8F97745DB8B6199F7E2C4F8340D0771522362C718,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032931Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:32.591{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51619-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032930Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:34.230{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8F457E61A21A74C0A5C66FFB10FA110,SHA256=D9611342898EFAED1B77A2D2EF95546BA7A2204A8FB9D236C1EFA5A85ABD33F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:35.831{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA64CB7D41697D9A3FBC3BF7B259C971,SHA256=A6CACBD996016B2674AF3369AD6F86D223283A657715F992DA1ED0A1E9BDCD1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032932Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:35.261{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE46C651BAC2312EA87C58F75E545F10,SHA256=144E7CCD0B1908D9FA21E04124354435BDCB7C9FD5D432D7A15CF5E02744EAC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:36.832{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4C3793A7EB01C4D5E68F2F67FD9EC84,SHA256=6E25BE57400A650EA321A6429A93252AB31D6850DD8F3358405CBEAA064F29E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032933Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:36.480{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4F4F58538C8BE9FC50E3A650ADE8673,SHA256=31F9268F4E1ECB3365B35AF57E2A7089276A804BA370519D5CB3138E8D956049,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:37.862{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10B73C95B14117A958034F05938A8CFD,SHA256=5A21AC76A9C181D32B537A864E2AEF7571588354C6FAA1EBA9AEAAB37FC2CC4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032934Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:37.589{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD2EB273F74DE479B488101072A2E758,SHA256=751CA8D73831397FB6DD61AD96BD0F9C8112A41285793F530BD00D97B233C7B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:38.863{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CB80933E7D5A102F5155ED2AF41B32A,SHA256=40267B170EBB11E4B03CB8FEA3529F8CD55B3C3E37A26BCDF4FCC9EE65C116A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032935Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:38.605{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D8EE820628CB71485E91DAA050C10A4,SHA256=1F00459DED328F8E2821B2C0D26CD9A6FF37EF81D45EC3EC05B47E3BC4CC3C06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:39.877{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C002FB53D698D29B1576D4B91908687B,SHA256=8E31B3766B2526220BA918AE7805A835810F220EF46E454780643A1A18A2132A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032936Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:39.605{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAB98CEC2EF7A9C833196733203E6955,SHA256=DDADD0FBB3AD8ABD70A0BE59AFE30DBDFBC565F73BA0D8E4E45C0AC0D25C7D11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:40.895{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40E74007BB079FAEF681C9A9A31BBC3D,SHA256=115E63DBE8CADEF3963A9540B1CE64B327DC46C9860DD18216C94AAAFCD15947,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032938Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:38.470{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51620-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032937Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:40.620{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=517DAC4796C023A832C2D2690E34B47F,SHA256=38376CC81310D977AFB341C786C2CC9223E76B6AFD9355A0E637FA4FFC29475B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:38.352{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63429-false10.0.1.12-8000- 23542300x800000000000000078244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:41.929{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C9143C2755D8E89930EE8460D8945B4,SHA256=B9C2FDF682CC2B9D8F4EEDA9C886CF67942E326840F58A522E279F3C0EEB4005,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032939Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:41.636{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E642E7AB227157C5E2635297134EE54B,SHA256=7B3F45AAA7270D3D22012A984CF5BC9BA1BEEDB02E830B8AAE5298BEA24ED6B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:42.930{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CCEBE51CC7E937683EA09ABEE12A322,SHA256=3C673A46A9D1908FF2825F32CCF575E0BFF03C8E92E91F06F585C1E4A4283F24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032940Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:42.667{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DABFA7C9C2721AE76AEEC177C0C9581D,SHA256=F0789EB6C2325E4BE863960BD469180DC52900E66B85D530C677262FE1742E9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:43.943{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9522794628BA96EB8A432302F4D7BAF0,SHA256=20C43B43DE0134A68643FE93A6EA42EAC3C3F974D25B49B394CB8F20568F890A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032941Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:43.761{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1687D2EE789B781B31731DAB65AA3DBF,SHA256=C8CC71114A99E33D78A291DC75E0A290E569021746DC205B0876E46D1E923576,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:43.891{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=8100E913F0D85631BB0BBA196B4655E9,SHA256=9525A29EDAEB9AAF776176A2FD50DA4D18AE0773C67A6AEEAB4EDF43437FB164,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:43.874{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=3FE1AA6321CF02BC36EF0CC5DB53D6E9,SHA256=61EA0686DC92322EA27F3A5FAC6FA3B6CC5F98A7229A4A7B96BD4D4CADD6B406,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:43.874{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=D910F7F0CF7EB1AAFCD043E444FE98C5,SHA256=CAF3ECA994B698903E04A112FA4D211A9B02905E7083AC9A3663D09A28F1335F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:43.874{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=67CC593804D5AA03F3E5A1B1647D2761,SHA256=955F10580F68E5055AF56BDFF84434019B6ACA2B5B30BEF6AE71964D8F0BBD16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:43.874{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=73133441D6E85DD60BF03B07F0E9D3D4,SHA256=CF2ED141B208E9CD751A986ECAC661FD0B2BBB6F648D7FE70E93424149DDB9D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:43.874{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=15E8F812BF11759F18B1F56F73F6ED02,SHA256=DDD08225FD4F2613788904A881F525303CA4C2106A7F4388213FCCC83BB2A919,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:43.874{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5C97A3510E01E6EADD468EBBEFE9C1BB,SHA256=D7E354DE892C892CD3623E6248F0EAE52D93677D4A8B31006B2328C9371E6FB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:43.874{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=74B52C92438B5A7591C101EE62497B36,SHA256=40416193E0E34CD30376405939F28CA6B11D8EC1E2DD1FD3ACD45D001137DDAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:43.874{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=11F059A5900BFCCA0AAF67BCB6F3AF9D,SHA256=E6EE3EAB8D9F29676EA88705CE73A6C4B78AB85CF2922D2ACFD48D9CDE59B8D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:43.874{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=689E1B10BFCEC84569781B3559C9D32A,SHA256=181C662204F9207322F75E96F315F8259D26331CD8175A4318CC9B169C75180D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:43.874{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E439BEA735522445EF512AE584A9AC0F,SHA256=5E585EDD97AADB57430C3B384A3C9309CCB9D0CF32322DCF5ABB3A204DCE6E17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032942Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:44.964{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=740279CF0A507C41F309155540AA469A,SHA256=A5DDCBF6844B6493435BAE42F568875EB0AD4ED18EB84961D26EBC08B92A54D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:44.958{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6242049C9A7C1E799F9E193F07CD6CF9,SHA256=750764D35DF60E357CB42CA16ED542B4E9E7FA0081BC9CB961336C86607F39C2,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:45.973{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000078269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:45.973{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:45.958{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000078267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:45.958{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:45.958{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:45.958{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:45.958{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:45.958{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:45.958{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000078261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:45.959{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000078260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:45.958{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C3C769AEE203066BA504AD8FC2C7C50,SHA256=A91A67EA994582EA510BFE6751A841CB2A5C6DC7FE6C82F686EBCC34D0EF8308,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032944Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:45.980{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14720E659BED6942E81143CCCF81F6F5,SHA256=0E2BF32C4342BB728868DB2DED4CC425CFECB8EE15EB298E5C0C314693A2D899,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032943Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:43.517{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51621-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000078259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:44.379{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63430-false10.0.1.12-8000- 734700x800000000000000078363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.859{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000078362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.859{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000078361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.844{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000078360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.844{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000078359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.844{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000078358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.844{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000078357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.844{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000078356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.844{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000078355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.844{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000078354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.844{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000078353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.844{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000078352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.844{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000078351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000078350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000078349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000078348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000078347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000078346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000078345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000078344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000078343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000078342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000078341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000078340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000078339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000078338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000078337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000078336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000078335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000078334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000078333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000078332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000078331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000078330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000078329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000078327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000078325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000078324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000078322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.828{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000078316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.829{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000078315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.312{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000078314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.312{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000078313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.312{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000078312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.095{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000078311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.095{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000078310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.095{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000078309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.095{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000078308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.095{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000078307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.095{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000078306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.095{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000078305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.094{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000078304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.075{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000078303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.058{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000078302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.058{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000078301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.058{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000078300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.058{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000078299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.058{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000078298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.058{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000078297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.058{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000078296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000078295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000078294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000078293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000078292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000078290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000078289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000078288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000078287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000078286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000078285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000078284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.027{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000078283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.011{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000078282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.011{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000078281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.011{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000078280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.011{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000078279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.011{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000078278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.011{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000078277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.011{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000078276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.011{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000078275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.011{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000078274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.011{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000078273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.011{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000078272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:46.011{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:45.995{8057F119-3091-60EC-310A-00000000DB01}8832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000078421Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.543{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000078420Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.543{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000078419Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.543{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000078418Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.359{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000078417Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.359{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000078416Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.359{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000078415Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.359{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000078414Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.359{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000078413Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.359{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000078412Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.359{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000078411Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.359{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000078410Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000078409Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000078408Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000078407Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000078406Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000078405Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000078404Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000078403Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078402Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 23542300x800000000000000078401Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0239E647F87885ACE731E0443758F72,SHA256=5F2C9D65C32C1BB693204F7A2D142DC5A101131CD408647BCF45454A79C8BD62,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078400Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000078399Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000078398Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000078397Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000078396Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000078395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000078394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000078393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000078392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000078391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000078390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000078389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000078388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000078387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000078386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000078385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000078384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000078383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000078382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000078381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000078379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000078378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000078377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000078375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.343{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000078370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.344{8057F119-3093-60EC-330A-00000000DB01}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000078369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.143{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9266A23F3F1DB4EFEBED90F598E50B7E,SHA256=2DC824B390085048679672AFC42CFCFB7E6B45EAA4D218B1B2449ABEEB3B2457,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.143{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAC6E84597AEC59E6A3DF9EAA1D679AA,SHA256=B838B94B65B0DC01379BA0C35D122D782AF477DEE8F4982B44A66E220583D444,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.143{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B9D1DF875F7F1BCD28B2A08344CBEC4A,SHA256=472D4723F2C7F52A4ED7592D5C7D422AD98B471B2C58DC895CE2B51F7DEB70A8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.098{8057F119-3092-60EC-320A-00000000DB01}51285252C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.097{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000078364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:47.097{8057F119-3092-60EC-320A-00000000DB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000032945Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:47.026{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E66047D54A2D7D6E16A0C2339BBFEE55,SHA256=127F31F7B3969A389DA47174A55E1A87C6BA2943F3F541FD9095028993FDED6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078423Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:48.458{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB149040DB54ED2FF5A8A5EFD7B16622,SHA256=EED933DE4F8AF84C07E14746D1CD985FAA988EF909399C4C8DA3BE86AB673FCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078422Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:48.458{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9266A23F3F1DB4EFEBED90F598E50B7E,SHA256=2DC824B390085048679672AFC42CFCFB7E6B45EAA4D218B1B2449ABEEB3B2457,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032946Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:48.042{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE4EE7C5B5B2347DB8EF7233ACCF9B6A,SHA256=6F33D558F4D2ED7EC842F6A9A4CD97370243343C145CF60BD54B31E842C07E82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032947Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:49.276{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FD2FD457DBF9F63925A97148198DB2F,SHA256=CEA710D554163A9CDC3B3DDC405E370354C4A8AC43B24EF64B48D73C9B6FDEE3,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078475Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.625{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000078474Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.625{8057F119-3095-60EC-340A-00000000DB01}94405936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078473Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.610{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000078472Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.610{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000078471Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.588{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D92EE7712C48A8526EFB096475BCAA7A,SHA256=A2DC825F906A8F4797F1193147273559BAFE5AE616A0B687FB66AB8ED20A2BBA,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078470Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.410{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000078469Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.410{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000078468Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.410{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000078467Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.410{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000078466Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.410{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000078465Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.410{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000078464Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.410{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000078463Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.410{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000078462Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000078461Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000078460Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000078459Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000078458Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000078457Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000078456Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000078455Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000078454Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078453Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000078452Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000078451Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000078450Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000078449Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000078448Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000078447Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000078446Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000078445Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000078444Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000078443Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000078442Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000078441Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000078440Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000078439Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000078438Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000078437Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000078436Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000078435Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078434Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000078433Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000078432Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078431Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000078430Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078429Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078428Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078427Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078426Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078425Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.388{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000078424Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.389{8057F119-3095-60EC-340A-00000000DB01}9440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000078580Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.942{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000078579Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.942{8057F119-3096-60EC-360A-00000000DB01}94009684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078578Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.942{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000078577Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.942{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000078576Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.725{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000078575Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.725{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000078574Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.725{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000078573Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.725{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000078572Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.725{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000078571Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.725{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000078570Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.725{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000078569Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.725{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000078568Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000078567Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000078566Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000078565Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000078564Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000078563Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000078562Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000078561Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078560Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000078559Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000078558Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000078557Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000078556Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000078555Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000078554Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000078553Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000078552Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000078551Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000078550Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000078549Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000078548Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000078547Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000078546Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000078545Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000078544Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000078543Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000078542Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000078541Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078540Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000078539Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000078538Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078537Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000078536Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078535Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078534Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078533Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078532Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.709{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078531Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.708{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000078530Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.707{8057F119-3096-60EC-360A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000078529Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.705{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9A89F937441720025C24AA45E7D3F21,SHA256=F6C2F6D43B8110E190698DCBFFC2F80F95868273E58DD9A6D2F2EBE02167C163,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032948Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:50.511{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1EFAB7310D3CBEF01E5E3FB2D99688BD,SHA256=129224AD4690CB5358CE323AE5705E76C4FE4EF3F2D35871ABAEEA7CE4717A8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078528Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.424{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B18121DCB6C32F7E55C66FE13362BDB0,SHA256=A1471037F715068C29B5771B6785104C2D30D068A33E1F4213220517B23246CF,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078527Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.271{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000078526Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.271{8057F119-3096-60EC-350A-00000000DB01}96927252C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078525Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.271{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000078524Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.271{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000078523Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.072{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000078522Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.072{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000078521Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.072{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000078520Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.072{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000078519Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.072{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000078518Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.072{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000078517Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.072{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000078516Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.072{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000078515Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000078514Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000078513Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000078512Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000078511Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000078510Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000078509Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000078508Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078507Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000078506Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000078505Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000078504Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000078503Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000078502Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000078501Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000078500Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000078499Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000078498Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000078497Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000078496Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000078495Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000078494Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000078493Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000078492Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000078491Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000078490Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000078489Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000078488Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000078487Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078486Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000078485Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000078484Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078483Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000078482Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078481Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078480Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078479Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078478Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078477Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.056{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000078476Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.057{8057F119-3096-60EC-350A-00000000DB01}9692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000078585Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:51.842{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79F5C453ECB0EAA23639DB2E0BC59473,SHA256=9EDA7FC431D56C7ED101B25FFBEADAD057B9055984B969F7ABDDE3891C060D87,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078584Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:50.292{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63432-false10.0.1.12-8000- 354300x800000000000000078583Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.893{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63431-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000078582Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:49.893{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63431-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 23542300x800000000000000078581Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:51.726{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=528D276FBD224097D11A00455F156DA9,SHA256=CCCAB9CF81E117C7F32F4BFB8003DBC9DBF96E861369087635CFFDD46FB40CAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032949Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:51.542{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F26B5D593B164118C1753664A6289D12,SHA256=F6D0AEF09AA801E51B6CFB6F8FE2823A2676470B26847AB30C6DBB7C72081472,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078589Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:52.757{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CD81D3FF14D67E0516D148E707DF838,SHA256=6C1E95180D309C15B50A389D390060A30F8F28280708FF0706B2D9FAB60A50DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032951Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:52.683{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93F97E98E49E23BC3B0E49FDFCB35BF0,SHA256=951B3E67B0041F0138B69A5CCA46FBA0C6C6697FAE3EB670A906604DF6E192BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078588Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:52.507{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1500-00000000DB01}1192C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078587Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:52.507{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1500-00000000DB01}1192C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078586Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:52.507{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1500-00000000DB01}1192C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000032950Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:49.408{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51622-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032952Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:53.687{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7346871CF9436713C1F6A51F62A289E2,SHA256=CBA101EBAE7786E9FE28A04F8D1F529FCA70746FE0F4288AB44E48C10EE5564F,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078640Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.425{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000078639Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.422{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000078638Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.421{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000078637Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.208{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000078636Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.206{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000078635Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.206{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000078634Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.205{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000078633Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.188{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000078632Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.188{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000078631Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.188{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000078630Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000078629Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000078628Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000078627Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000078626Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000078625Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000078624Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000078623Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000078622Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000078621Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000078620Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000078619Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000078618Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000078617Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000078616Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000078615Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000078614Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000078613Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000078612Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000078611Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000078610Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000078609Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000078608Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000078607Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000078606Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000078605Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000078604Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000078603Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078602Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000078601Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078600Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000078599Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000078598Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078597Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000078596Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078595Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078594Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078593Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078592Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078591Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.172{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000078590Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:53.173{8057F119-3099-60EC-370A-00000000DB01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032953Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:54.703{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F0167603DF5D7FE446BF2824DF31FAA,SHA256=5B4F04B6397453F142256EFF96FA68FD6C47B6577231581336348E8A1739A215,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078642Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:54.178{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0CA05BD21F77C48E558474775D27F3E6,SHA256=64708BB0DFEC7D4F2591FB429BB35A31FFFD66A9616C71AADFD66AA65A543E5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078641Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:54.062{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D85D00D363CC57C92F178913A63140DC,SHA256=E93679A6C47A2394C9FDB07CA78578BD76FD0CDD6A1FA00EAA851F25C07C26F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032954Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:55.796{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EB1F41919116B1A74F0DAC37ABBD9EE,SHA256=F7746544C97C209428C49F962C4DDCB06D8BF3099BBA5ADE0E099A12BA3BBB02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078643Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:55.063{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=981D2EA860FB9035EF52EBE281B112ED,SHA256=06BFF1B58CEBE6C6E4EC982801D8B746D216217F011C7C1FDCA1B2CEBCF8156B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032955Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:56.796{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47AA73151126045CECCBA9C502C7C126,SHA256=5D094B460DC9C2ABBED42D875E239E7B76CAF7C718E933B0EF0401440C4434B9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078656Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:55.299{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63433-false10.0.1.12-8000- 23542300x800000000000000078655Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:56.246{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=9C363659C3F3749A44477D725AEA3A20,SHA256=97F43852F7E8E707793590A09635503ED63281D691B05A1C4A35AC9FD5DED3B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078654Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:56.246{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=C8ED2647433C26B9B9F8510FFD3D5892,SHA256=1B59A3EFF16AC058AC5FF3711927640C565360849E73BED4ADC0776CAEFEEB2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078653Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:56.246{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=4B41897089537505AF9733596A38B379,SHA256=D471CAF47F15A3C67852368E074B884A03C48C4E48BEE0D0E31419E9B00A321B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078652Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:56.246{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E83FB90FB64D47340DA61E603D8C1DFD,SHA256=DD5342B965D7A4DE23C25679503B8661BA40BD4CCEA60920593F83C88646238C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078651Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:56.246{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=C65F7B0EE3C3E2F9BB1AE4BCF18575A7,SHA256=4998519F37F53F7C7F6691A9D3326634DB299C576E20217C494A891DF31CDBF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078650Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:56.246{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=2A695F10F0CD413DD3BFBAFBA989B9B3,SHA256=6BAA01836CB64FB087F8C0A27C66B37535E878870E571B65A4AC8AB60C622EF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078649Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:56.246{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=4B10D3ECF160408C314D442F3FEBDE2D,SHA256=07BAB1D2A25030FB484F2133A5D926BFFB3767485672B80E157F9DFD8CAB1876,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078648Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:56.246{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=3F8BC09C0629725EC44E7103FC5AD1A7,SHA256=E5F7BE6FA485F4B45250B45BF1E8D11136E0088AAC9743D3161041FA942F5408,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078647Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:56.244{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=2FE68322DF800053E69606E409911C10,SHA256=12220FEC5B4423C9B7B4B824E97DD9EAB6DF15082C35E2BBC34FBE3EBC8829C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078646Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:56.243{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=725D9887FD5B6A2EE6C4815F4070635D,SHA256=5C9C42FBF350D6ED7F581A2D11D7EEF97293C4BAA9EE5157525E3C80B128BABC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078645Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:56.242{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=C9C0A778C3050219E9C33BCF867ED216,SHA256=2032DB2031D5F1428DD37D85621E541C233F1E794AAB683B5563D2DB8C05ADD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078644Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:56.078{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C73BFE836A60FBDDDB49925C96AF2468,SHA256=6B7BD09EAF2814DC8518C846F82B69C9BDA7344337791E28F345042A4BC61125,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032957Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:57.812{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C2A3553D43DBBC0579044D662DAC4A9,SHA256=43853BD894F7F43DC053AE0A17604A2FF872FEF3EC6B0A8E6923E1E400FF6D63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078657Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:57.093{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4432E5FB01C4C24891C5331FA54F9917,SHA256=154EAFA78D551CF5EE03FD430FE03917F8F873C35FD8A732F6F545E003A06BA2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032956Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:54.537{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51623-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032958Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:58.828{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AA1714BD4F8CA4DAF0ED2FE217C6B31,SHA256=ED9AE7A233AFC3D0F7D741D318DAAFA9F986CFCD2E4737D73E5F7157B11F8800,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078658Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:58.109{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47224F9F6895B505B4230B102C838B48,SHA256=EB0440F2456E88E09D4B5FE45AD7217DCE0FF53DB5244580ACEAF6A51662E25F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032959Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:07:59.843{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=182D433939CE72813CB9CB430FC108F8,SHA256=D603B1E8D714F6F151686AE375CACB1E1D7F16ADC34A5FA7CC237AA6AAAB335C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078660Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:59.608{8057F119-21BD-60EC-4B07-00000000DB01}58801956C:\Windows\Explorer.EXE{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000078659Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:07:59.124{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F92AF36D4FCACABF140E76C7580C327,SHA256=B98700A122E5C9B14A7D48BDB854312AD824B73D6A5546E14CBA3201DFBC0068,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032960Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:00.859{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=839349BFE61112CC9E4CF8CE2677C9EA,SHA256=15A97E63B188743B5E626586D60E9E3AEB6D20971BA81B2DA6234EC4BC9598B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078661Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:00.145{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F44DB38F9CE5AB863195D31FE8DE5FEE,SHA256=B1543EDA557A56D30119A6EF969627098F436A7E907EB42BE61FCBC4B690CFD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032961Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:01.859{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B22BC0205B87D6E4B22EE674F60980C,SHA256=9194C899BB4E22F172DDC387634447CEC1181029005ED16EF98E2200FF0C9B02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078662Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:01.160{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98F6A0D7BB3956B1DF946AFA959D9189,SHA256=6DC3C7CD71D694036DEA7CF97131B8269C2310FB17B2F210FCDAD65329FA3351,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032963Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:02.874{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10F588679572DAA4B5713981D84728A9,SHA256=BC85A7DDED6345A0233A14BF8F57C8B60E9764899F88308ADBB3ADD34EED7FC3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078664Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:01.275{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63434-false10.0.1.12-8000- 23542300x800000000000000078663Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:02.174{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11A1748C3D154155F569046758AA260F,SHA256=29227C9D1C6E343DC95890BE1C3EFA05F8CCE13358D9851AF401FFD2B3427A25,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032962Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:00.584{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51624-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032965Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:03.890{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A758153965B2A9661F6F12D4ADFF8F3,SHA256=E4808D535C1CE67D89F740475E6C0B0032898E5FF71EAE8B7F429A47750B55D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078665Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:03.205{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F89B21B6F39FF7F9692D6CD9711FEACC,SHA256=EB6E127EC29052D5A0D698D3BACC17B8133D3EAA970624A0BC3EEBFFAB5DAF34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032964Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:03.171{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032967Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:04.906{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BF7617C9F6497BF85460D4008D7669A,SHA256=80F0BF01671410594AC36588904C82446B3592D5EFE70DF13877378921F20230,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078666Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:04.206{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15E256384509C0A8BE3A52627C015C7B,SHA256=7ECCDDF273A5D6542B5B09A6C14A2C3505923D654924366281DAE3DC2DB0F784,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032966Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:02.521{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51625-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000032968Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:05.908{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E719112399551BC7B65646DDB793999B,SHA256=AACF6A878B776C012AA7F75A3908A06093785AA56E96978F8C3782AD7754D08C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078678Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:05.605{8057F119-08A1-60EC-0D00-00000000DB01}896496C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+f526|c:\windows\system32\rpcss.dll+121ba|c:\windows\system32\rpcss.dll+740c|C:\Windows\System32\RPCRT4.dll+64b8c|C:\Windows\System32\RPCRT4.dll+64979|C:\Windows\System32\RPCRT4.dll+64793|C:\Windows\System32\RPCRT4.dll+3f7d4|C:\Windows\System32\RPCRT4.dll+3fc51|C:\Windows\System32\RPCRT4.dll+1c39d|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078677Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:05.605{8057F119-08A1-60EC-0D00-00000000DB01}896496C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+f526|c:\windows\system32\rpcss.dll+121ba|c:\windows\system32\rpcss.dll+740c|C:\Windows\System32\RPCRT4.dll+64b8c|C:\Windows\System32\RPCRT4.dll+64979|C:\Windows\System32\RPCRT4.dll+64793|C:\Windows\System32\RPCRT4.dll+3f7d4|C:\Windows\System32\RPCRT4.dll+3fc51|C:\Windows\System32\RPCRT4.dll+1c39d|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078676Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:05.605{8057F119-08A1-60EC-0D00-00000000DB01}896496C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+f526|c:\windows\system32\rpcss.dll+121ba|c:\windows\system32\rpcss.dll+740c|C:\Windows\System32\RPCRT4.dll+64b8c|C:\Windows\System32\RPCRT4.dll+64979|C:\Windows\System32\RPCRT4.dll+64793|C:\Windows\System32\RPCRT4.dll+3f7d4|C:\Windows\System32\RPCRT4.dll+3fc51|C:\Windows\System32\RPCRT4.dll+1c39d|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078675Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:05.605{8057F119-08A1-60EC-0D00-00000000DB01}896496C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+f526|c:\windows\system32\rpcss.dll+121ba|c:\windows\system32\rpcss.dll+740c|C:\Windows\System32\RPCRT4.dll+64b8c|C:\Windows\System32\RPCRT4.dll+64979|C:\Windows\System32\RPCRT4.dll+64793|C:\Windows\System32\RPCRT4.dll+3f7d4|C:\Windows\System32\RPCRT4.dll+3fc51|C:\Windows\System32\RPCRT4.dll+1c39d|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078674Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:05.605{8057F119-08A1-60EC-0D00-00000000DB01}896496C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+f526|c:\windows\system32\rpcss.dll+121ba|c:\windows\system32\rpcss.dll+740c|C:\Windows\System32\RPCRT4.dll+64b8c|C:\Windows\System32\RPCRT4.dll+64979|C:\Windows\System32\RPCRT4.dll+64793|C:\Windows\System32\RPCRT4.dll+3f7d4|C:\Windows\System32\RPCRT4.dll+3fc51|C:\Windows\System32\RPCRT4.dll+1c39d|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078673Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:05.605{8057F119-08A1-60EC-0D00-00000000DB01}896496C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+f526|c:\windows\system32\rpcss.dll+121ba|c:\windows\system32\rpcss.dll+740c|C:\Windows\System32\RPCRT4.dll+64b8c|C:\Windows\System32\RPCRT4.dll+64979|C:\Windows\System32\RPCRT4.dll+64793|C:\Windows\System32\RPCRT4.dll+3f7d4|C:\Windows\System32\RPCRT4.dll+3fc51|C:\Windows\System32\RPCRT4.dll+1c39d|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078672Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:05.605{8057F119-08A1-60EC-0D00-00000000DB01}896496C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+f526|c:\windows\system32\rpcss.dll+121ba|c:\windows\system32\rpcss.dll+740c|C:\Windows\System32\RPCRT4.dll+64b8c|C:\Windows\System32\RPCRT4.dll+64979|C:\Windows\System32\RPCRT4.dll+64793|C:\Windows\System32\RPCRT4.dll+3f7d4|C:\Windows\System32\RPCRT4.dll+3fc51|C:\Windows\System32\RPCRT4.dll+1c39d|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078671Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:05.605{8057F119-08A1-60EC-0D00-00000000DB01}896496C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+f526|c:\windows\system32\rpcss.dll+121ba|c:\windows\system32\rpcss.dll+740c|C:\Windows\System32\RPCRT4.dll+64b8c|C:\Windows\System32\RPCRT4.dll+64979|C:\Windows\System32\RPCRT4.dll+64793|C:\Windows\System32\RPCRT4.dll+3f7d4|C:\Windows\System32\RPCRT4.dll+3fc51|C:\Windows\System32\RPCRT4.dll+1c39d|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078670Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:05.605{8057F119-08A1-60EC-0D00-00000000DB01}896496C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+f526|c:\windows\system32\rpcss.dll+121ba|c:\windows\system32\rpcss.dll+740c|C:\Windows\System32\RPCRT4.dll+64b8c|C:\Windows\System32\RPCRT4.dll+64979|C:\Windows\System32\RPCRT4.dll+64793|C:\Windows\System32\RPCRT4.dll+3f7d4|C:\Windows\System32\RPCRT4.dll+3fc51|C:\Windows\System32\RPCRT4.dll+1c39d|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078669Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:05.605{8057F119-08A1-60EC-0D00-00000000DB01}896496C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+f526|c:\windows\system32\rpcss.dll+121ba|c:\windows\system32\rpcss.dll+740c|C:\Windows\System32\RPCRT4.dll+64b8c|C:\Windows\System32\RPCRT4.dll+64979|C:\Windows\System32\RPCRT4.dll+64793|C:\Windows\System32\RPCRT4.dll+3f7d4|C:\Windows\System32\RPCRT4.dll+3fc51|C:\Windows\System32\RPCRT4.dll+1c39d|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078668Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:05.605{8057F119-08A1-60EC-0D00-00000000DB01}896496C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+f526|c:\windows\system32\rpcss.dll+121ba|c:\windows\system32\rpcss.dll+740c|C:\Windows\System32\RPCRT4.dll+64b8c|C:\Windows\System32\RPCRT4.dll+64979|C:\Windows\System32\RPCRT4.dll+64793|C:\Windows\System32\RPCRT4.dll+3f7d4|C:\Windows\System32\RPCRT4.dll+3fc51|C:\Windows\System32\RPCRT4.dll+1c39d|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000078667Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:05.238{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF915FB4DF7B5D6E9841C134579B9F63,SHA256=0FB0F0B680695EA459F7EA3B6C2CEC713AFFF16F1D7C4467426646C6E3E6E663,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032969Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:06.920{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF339BB9739707B2C02EB056982466D9,SHA256=21BA0C6B417AD61136DC2FAA1D5DDB8B6C806573EA304C581A0A3FEAD66C297B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078684Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:06.973{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21E0-60EC-7207-00000000DB01}6340C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000078683Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:06.973{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078682Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:06.957{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078681Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:06.941{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078680Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:06.941{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D4-60EC-7007-00000000DB01}6928C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000078679Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:06.257{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5183CC2B5305B81D1F6B023B3DFC5F91,SHA256=AD8384ACCFB9882A03C8098B5B1DBCAE311B89CD5426FAEF182C6D7810E93CAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032970Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:07.920{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BB1C92B5DF3917BAAB4A83EC09F167E,SHA256=225E6AF9CFDB9D0FADC3463D554EE2A54D79AE7A6CDD7CC4E57FBC505BC58DB4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078712Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.660{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4207-00000000DB01}5712C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078711Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.660{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-1972-60EC-F605-00000000DB01}3272C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000078710Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.523{8057F119-2CDB-60EC-8009-00000000DB01}9640ATTACKRANGE\AdministratorC:\Program Files\Notepad++\notepad++.exeC:\Users\Administrator\AppData\Roaming\Notepad++\backup\AttackRangeSysmon.xml@2021-07-12_120109MD5=AAD222C46E4A4BD8E74293117F4BCC6E,SHA256=92CA74F62972E58B28C7328C3283263187A82886FF2EF84352B304AD573CDA7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078709Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.523{8057F119-2CDB-60EC-8009-00000000DB01}9640ATTACKRANGE\AdministratorC:\Program Files\Notepad++\notepad++.exeC:\Program Files\ansible\AttackRangeSysmon.xmlMD5=114438BBB752966C7A130DC1E25C40B0,SHA256=6CB860173BB84A23AF5BD277EFC158888C79D09394E85CE599DA68D96DB29343,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078708Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.392{8057F119-21BD-60EC-4B07-00000000DB01}58801956C:\Windows\Explorer.EXE{8057F119-2CDB-60EC-8009-00000000DB01}9640C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078707Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.392{8057F119-21BD-60EC-4B07-00000000DB01}58801956C:\Windows\Explorer.EXE{8057F119-2CDB-60EC-8009-00000000DB01}9640C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000078706Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.275{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73524F43319E03F8102954B3C91D0704,SHA256=F9E4FB6AC53F23C0FD4FAB5B95BFF856E8604D0E9FFB82F8CACF668E1BEB9CF5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078705Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.175{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078704Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.143{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078703Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.143{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078702Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.143{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078701Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.143{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078700Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.121{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078699Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.105{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078698Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.105{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078697Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.105{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078696Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.090{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078695Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.090{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078694Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.074{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078693Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.074{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078692Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.074{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078691Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.058{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078690Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.043{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078689Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.043{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078688Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.043{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078687Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:07.043{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078686Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:06.988{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078685Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:06.988{8057F119-21D0-60EC-6307-00000000DB01}71727656C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000032972Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:08.936{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=559C5F3A06274AE8F907440405C9C1B5,SHA256=DB39B72B963F618DB95BC864303DFC5554B7DE85EFE144C518786C0DB223FB91,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078719Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:08.992{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21E0-60EC-7207-00000000DB01}6340C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078718Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:08.990{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D4-60EC-7007-00000000DB01}6928C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000078717Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:08.275{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E871ED950B315F63C3A3D8C92ED4AE62,SHA256=AC6F95AEFD55BB5CDF4B82B0AD6736640680ABFCC70F7FB80E1BDE8432FE78D4,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000078716Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:08:08.275{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\2F5B0B75-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_2F5B0B75-0000-0000-0000-100000000000.XML 13241300x800000000000000078715Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:08:08.260{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\A48E1583-94F8-4700-B651-E79BB21ACBC2\Config SourceDWORD (0x00000001) 13241300x800000000000000078714Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:08:08.260{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\A48E1583-94F8-4700-B651-E79BB21ACBC2\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_A48E1583-94F8-4700-B651-E79BB21ACBC2.XML 354300x800000000000000032971Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:06.489{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51626-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000078713Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:06.326{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63435-false10.0.1.12-8000- 23542300x800000000000000032973Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:09.952{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74DDC1F5DA9CC1010F6F891B55A435CE,SHA256=98B82F159FB746DABB866AF14B4D85D7D9C8DBF386111D2C841DAE0AA3AA019F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078728Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:08.430{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63438-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000078727Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:08.430{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63438-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000078726Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:08.418{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63437-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000078725Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:08.418{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63437-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000078724Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:08.398{8057F119-08A1-60EC-0D00-00000000DB01}896C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63436-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local135epmap 354300x800000000000000078723Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:08.398{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63436-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local135epmap 23542300x800000000000000078722Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:09.317{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EBAD68061B5D1999A90C5898E6A716B,SHA256=6099B4DE33911E1F5EE711A857B8994230759CAD65CE99218F20465AECDD7B11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078721Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:09.293{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=15D65415808FE9220F9FF128C2A6C4A6,SHA256=4A81B26B0A80DD6232953FECDEE0AB7CB8A4CA127812253308B843B311069226,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078720Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:09.292{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D57F5C0D108707B851E2E1C74A856415,SHA256=9AFA2BB58B612E52792CABF54E86D5792A8BDA57EC24D4C9D74B20F14DC274D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032974Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:10.967{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0024A546DF17E7F52756D897FFA2E6A9,SHA256=F04FA1DC0DED75C96978C976B32C3DF4C3BEC1C939D65A1DA23F2096C30B8F9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078786Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.904{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ush62qqu.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078785Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.673{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E775E63B8F344D03CE5D8D70EAA71BE,SHA256=5FFF6C30BB6E516EA1ACD0D7C3B55660E41C6EADFA51143A9911AD127C6DCD7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078784Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.390{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\social-tracking-protection-twitter-digest256.vlpsetMD5=4389884605AD56EC50BF27FBD4CFB473,SHA256=60B552CBA048738FE850BA958CDDF9B742B6FAA7519F455D4B39437734725990,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078783Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.374{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\social-tracking-protection-twitter-digest256.sbstoreMD5=3F92B621E1581AD764BE2EC57381AF23,SHA256=18FBBA6D350213F61DF718195FD2B38A3B8344D0A5C22C2713E6F8944E9A9DD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078782Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.374{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\social-tracking-protection-linkedin-digest256.vlpsetMD5=8D76E0D31A687AE5A730C71C052C68E8,SHA256=6747A2FB92023CBF27E345AAC38B2BA7695A7DC5E9A42BD793D0CF6DAEAED260,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078781Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.374{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\social-tracking-protection-linkedin-digest256.sbstoreMD5=DC7308A91A03C92D7329F37F15C7AC82,SHA256=180DDE904FFF036ABD4045A52850200ACA369E4577E14E0675E5298855A6AA0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078780Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.374{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\social-tracking-protection-facebook-digest256.vlpsetMD5=54971F1ADD787A9676F9DEFAB4C7FE3F,SHA256=FD890E3920CDFB62C1089C6119A8F8B713F81BDDAF7BEC925AFB4BDFB32AF5E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078779Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.374{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\social-tracking-protection-facebook-digest256.sbstoreMD5=0A19E4A237D65FF069452EF5201F217E,SHA256=AC5D43328F28E2B1159D014197F58D987C2AB78C9179DCD924524353571FA604,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078778Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.374{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\social-track-digest256.vlpsetMD5=D95F203FEE1C8FAE222EF4C6D410971B,SHA256=1CA57763647104AEF83C8A86E8366FBBEE4BAA88C900C7AF66F437720319CEAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078777Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.374{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\social-track-digest256.sbstoreMD5=C0FE3CB314FDF424A4D4F1DE2801A4DF,SHA256=C4CA8CE5B3B8D038E3348887BDA7634D1949325BB95A68D17184D2A99F37E810,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078776Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.374{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\mozstd-trackwhite-digest256.vlpsetMD5=8F1AF05E946BCD9711A1CDE1B1ED6C95,SHA256=0F5C8864E17307F3C8CE1D35AC4770D0C1C34F8CDB3FC7404F2114B4E0FD93BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078775Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.358{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\mozstd-trackwhite-digest256.sbstoreMD5=B91E9842F81EE5668B68C0B5B561010A,SHA256=19F7DFB5FC8E587C8D48DC8A779B07E1C11CCD772A7B68025146FF0A335B54CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078774Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.358{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\mozplugin-block-digest256.vlpsetMD5=FCC9C2C9B611A3264B68EBE180EB4248,SHA256=6ECD378A537EEFE350B45CFA353741383F407D99D776BF23155A7825DC5DD2BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078773Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.358{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\mozplugin-block-digest256.sbstoreMD5=519BEB1B01FC355BB388F1F75BE997FD,SHA256=FFE2D3077B81AE6F51B220C1C661B276C823FA67DAD1D64FC5F17249FC54BDC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078772Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.358{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-unwanted-proto.vlpsetMD5=426E19544B2D86FC0B8206D3262F9D86,SHA256=37372FB2AEDF539572AB3766BDCACAF60644200D4E32B6A01427CB7E2D195B06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078771Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.358{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-unwanted-proto.metadataMD5=1B5BBC60B06904639B1BFDFFA40D869D,SHA256=FA7AE5E61018E9522BF595680A24FF5706F91A305DD78820899269EF494A7FB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078770Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.358{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-phish-proto.vlpsetMD5=43BB838052B04B4E3741C93E46DE001D,SHA256=21A1A64EEB6C2FFBDFEF043C088DB953709FDBD144EFE51059C2285372F04056,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078769Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.290{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-phish-proto.metadataMD5=035D717539B440EB44CEA56BDCD1FB51,SHA256=72261D13D33263D713B5C9ADC5FE130A8D66F45F36A92DDF31EAC8832E9EC4E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078768Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.290{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-malware-proto.vlpsetMD5=3C7FED95E72EB63128F0A343D3DEA46A,SHA256=7C57AB1CF8170A88D4979ABDABDC79CFD87200EE9E1D3EEB58B93037D03C9975,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078767Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.274{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-malware-proto.metadataMD5=CADF50ED76C0BAA68988D8669B1EE4D5,SHA256=C64B545E776C3755DF9F8B1F31D6E1BC201F0B26294FC04040959571325C6977,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078766Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.274{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-downloadwhite-proto.vlpsetMD5=EA86E0097B81FDBDEE3F12AC90CA6410,SHA256=6A242B62530E38DDCFD272643F6CC44EDC0208C69DC3022D6CC273F4C7E79AF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078765Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.274{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-downloadwhite-proto.metadataMD5=DBDE3BAA15B0B56BE0910D8C92AA7CF5,SHA256=4CFBE9512EA828D348725E3555ADD870F27029159837F4890E6C01260D094009,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078764Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.274{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-badbinurl-proto.vlpsetMD5=5C7E35839448B6B48C7CB0BB2EABF016,SHA256=FE562E54CE51AEC9F692C0256562FD6497A0EFC81F6FC40CF65F43314A5353C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078763Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.274{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-badbinurl-proto.metadataMD5=37EDFE3CDE9F501631F1FC8CD08255EC,SHA256=6BFF7473CDE39FE29094BCDE32D6F02D95D0EE0F322C3860B6D30867982F96C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078762Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.274{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google-trackwhite-digest256.vlpsetMD5=E54E5B84194EEE15E64D2A03F1136BB7,SHA256=07707B589BE3DBA3BB0BDAC67760A2B180EA3531E9D7976B73E4C1D8DF9DBB1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078761Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.258{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google-trackwhite-digest256.sbstoreMD5=5A35E65CADA1885B6796D1B3FE56E5F8,SHA256=35A1BF0FF6DD2B70DA5F89611891D413808DDE1510D03D788FF48A214AFA7CDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078760Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.258{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\except-flashsubdoc-digest256.vlpsetMD5=0C0D67875BD75A0227C02DD8529BA01A,SHA256=614BE0169EC36E67223EB9645A98DA66DBFDE5DFBB89BB064F428AAEABDD9D97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078759Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.258{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\except-flashsubdoc-digest256.sbstoreMD5=22698B4CF784DBBAE2D583F00491D43D,SHA256=3849563088AE0677D61702A1310FDE26DE5DDD846D53037222D3EFE012197BF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078758Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.257{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\except-flashallow-digest256.vlpsetMD5=7194B6BFF691A056852A51E2E06CE8FE,SHA256=CBE2DC6ABFE25BEAD60F4DFAF419FC0F441FF8A8DD4A2FEBF5553BE1CBD90C49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078757Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.256{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\except-flashallow-digest256.sbstoreMD5=DD0458514C9A922B45DA6A8BEBE47320,SHA256=D27D5B27030F4725249377951BEB89E84A90A0E8241F0D5FD80EA59C1606E761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078756Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.255{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\except-flash-digest256.vlpsetMD5=C2994D388F8780C87D35C352D9582985,SHA256=7ED09F7D2BD632F70077A4AE4F2BD2F3FB654B03CD72652F51678B0C7D027F25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078755Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.254{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\except-flash-digest256.sbstoreMD5=D5D6B4D59B4AE4E2DE4B40D0DA083571,SHA256=000E3A78C72A210CA3B5417A3CDD294FBCE2A31661601C9D594C75CF2800571C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078754Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.252{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\content-track-digest256.vlpsetMD5=E72E6B0165636DAE364CC43097FCD4E9,SHA256=3FE594D286D351B102E94676FD8A91B8FA0B3FDDD151336DDCE8C9BA2CFCFB50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078753Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.237{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\content-track-digest256.sbstoreMD5=318288F5909637E0C3285C0942D72FF4,SHA256=F2BB9D40F7237C0E6D8EA96DFA2E864BD1264EB191C52BDBF16488D9466BC300,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078752Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.237{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\block-flashsubdoc-digest256.vlpsetMD5=40165280FF1345B5241EC2A9D1DA2AF0,SHA256=F80BDD5341D8B1EE946E344E258EF2D35C3C0BB6B13EB7B3E6A77467DFA8B97F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078751Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.237{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\block-flashsubdoc-digest256.sbstoreMD5=B9556D03AFF392142AD5691D2F867310,SHA256=CFD3909B41C1EE3CBCB8B7D2B1378065E7D3B543FFF1F2FB7A4F25C5FF41722C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078750Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.237{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\block-flash-digest256.vlpsetMD5=130B9AC2BEEC5ADA274561105D81AE36,SHA256=7D99FEC08182A5B95D18D1569EDAA2C60C2AAFBD15A56D8882F22F3B395E6460,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078749Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.237{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\block-flash-digest256.sbstoreMD5=9F6B331AA1E070DCFEED473E76CE56C3,SHA256=7DBBEA2DD387EEB85E1F56E02FC9989ACDE570CD43BFEF2C2A827093BA87DA6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078748Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.237{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\base-fingerprinting-track-digest256.vlpsetMD5=F7A173C65979416711FAFF47FADFBB44,SHA256=7F018CC32CF471750B6C5322E27E4F1C38097C414E7C6DC6AF9CF31E607431A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078747Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.237{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\base-fingerprinting-track-digest256.sbstoreMD5=5C71167AC9642FCF7752093F77FBBC89,SHA256=6714F7FBADCCB013DA1D8ECEFA6368A7D193E1F2460477F8AC304EDCF8637AA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078746Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.237{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\base-cryptomining-track-digest256.vlpsetMD5=BFED06667174B0D03EE7F88A3DDC9A8C,SHA256=7AE5584755089D28C3A52DCF1EB86E62D4F2E377D61A7D549C6D4EBD53F39B26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078745Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.237{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\base-cryptomining-track-digest256.sbstoreMD5=E6AAB64DC2799B4ECC6A6D18F86BD283,SHA256=D72FA31B50E9164371C5B7A3CCA257B99CE12D900FB07DEF942361D76299F5FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078744Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.237{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\analytics-track-digest256.vlpsetMD5=16E5F327975AC215E9EFA4A4FC5262F5,SHA256=4698D628493E91E42494C8343B7E6469DFC1BFB1F771258C2FB556E84EF314B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078743Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.221{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\analytics-track-digest256.sbstoreMD5=C3757E7620737B3B6500073B370852FE,SHA256=34B07244F673343E9AC1C775B455C0A60AA95439E83A70B0C6A24E504A88F4B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078742Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.221{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\allow-flashallow-digest256.vlpsetMD5=DE0D88480C24350C59E1E9A3583DE0D1,SHA256=01BA9F0B913E04ED10BD7166796483DD4F72005F249D6EE68B12117BE4B5D3C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078741Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.221{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\allow-flashallow-digest256.sbstoreMD5=DD0458514C9A922B45DA6A8BEBE47320,SHA256=D27D5B27030F4725249377951BEB89E84A90A0E8241F0D5FD80EA59C1606E761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078740Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.221{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\ads-track-digest256.vlpsetMD5=8D9E3EEEE577DCE4B0062413A081F9F2,SHA256=D0E3356B67A0BB9BD101D87FA6E23EC2699CC8A25564CD88076663DACF73A9CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078739Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.221{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\ads-track-digest256.sbstoreMD5=2CC22CF356532158115AB8A0851A9A80,SHA256=6B106FD00C6E27909C9779448E5BDA5FFB96FE2A6FF42636A662AB411D9906DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078738Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.205{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-badbinurl-proto.metadataMD5=37EDFE3CDE9F501631F1FC8CD08255EC,SHA256=6BFF7473CDE39FE29094BCDE32D6F02D95D0EE0F322C3860B6D30867982F96C3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078737Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:08.508{8057F119-29AA-60EC-DB08-00000000DB01}8952C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-89.attackrange.local63439-false142.250.74.202fra24s02-in-f10.1e100.net443https 354300x800000000000000078736Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:08.507{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local56982- 23542300x800000000000000078735Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.174{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-badbinurl-proto-1.vlpsetMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078734Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.105{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-unwanted-proto.metadataMD5=1B5BBC60B06904639B1BFDFFA40D869D,SHA256=FA7AE5E61018E9522BF595680A24FF5706F91A305DD78820899269EF494A7FB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078733Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.089{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-unwanted-proto-1.vlpsetMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078732Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.089{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-malware-proto.metadataMD5=CADF50ED76C0BAA68988D8669B1EE4D5,SHA256=C64B545E776C3755DF9F8B1F31D6E1BC201F0B26294FC04040959571325C6977,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078731Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.089{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-malware-proto-1.vlpsetMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078730Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.074{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-phish-proto.metadataMD5=035D717539B440EB44CEA56BDCD1FB51,SHA256=72261D13D33263D713B5C9ADC5FE130A8D66F45F36A92DDF31EAC8832E9EC4E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078729Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:10.003{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\ush62qqu.default-release\safebrowsing-updating\google4\goog-phish-proto-1.vlpsetMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032975Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:11.983{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECFD12FA3571AD126046AF5669E1936B,SHA256=69FD0D80F8CCC75B1BEF973E96CDE03FD95F5007D88735E8EEB2203FB2342702,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078787Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:11.373{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC8A8A75FB837D1459253D897FF6E751,SHA256=EC9AE9465D0109CE8211EAE66F32FF824DEC1734F1B23F6D515D9E9EF05465C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078788Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:12.404{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12812B15266AF3FA2FE28DB40C0358E1,SHA256=4DEB48DB5352E163BFD53BE049EFC812CE3E03C21CE2F810EC5C501B65290031,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078790Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:13.419{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35E80C85B0BC123578B7907E5D12CFD2,SHA256=C7552A3B6A49A44BC44953FBEC00F8E59C31664855747AF2576AD0F62DA3F5AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032976Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:12.999{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D71C6F0EC230E7B4A4FF234A9B218501,SHA256=C5113947B25DE4DFD091B72E4FB4ED83CFA1F5A57303D8AEF88F6823D0CE5C12,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078789Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:11.372{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63440-false10.0.1.12-8000- 23542300x800000000000000078791Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:14.434{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DA3007C79A42B492DEC39AFD8F207A5,SHA256=86D0C1F5ACE6B18454BEDE973FC3313AB7D6A364B765E3913180189B90961558,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032978Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:12.458{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51627-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032977Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:14.004{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A09B07B53BC055866613ED5BCD4A5E9F,SHA256=109D7232C69060CAE20C8B6A5F30A5DDEA9906AF57B31805DC68A5178ABEC9FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078792Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:15.452{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=177C436EE27550CCB39D8105E0019DC8,SHA256=4D071F7BB14A0DCD9D06A0371CDFE6D8A29DC3BF2FB660598E09C2A32F45BBB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032979Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:15.019{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A69DA585438662247A715D1C66A8E80,SHA256=C4785565A1DB7F5DA25D67CA440EA2F17AAFEA319AF17E4B9FCBC2E2C46097A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032980Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:16.035{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=351AC6319B3EDA1B9E5DA0081AB54976,SHA256=1D9D3304E6D03256A0B0B35BB447A590BF7823F6584F5052074D705F280CDEF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078804Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:16.718{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=245FA8875072C7763E9AFFBFBDC5ADEA,SHA256=693FD06641F891A64334A86397C558BC46D18FA9875C6E4C44FC5928B04813CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078803Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:16.702{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=56087328B97171A7447A0D418C9BA5F0,SHA256=E250BC5076EAE0AEA52499DF329FA54C725D8BA98B8A1B44445F593F6EFD3220,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078802Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:16.702{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=2D5EF4B9A4635B2295124312A583156D,SHA256=35F4808B9C9E87E7ABB584759B5E97D2C6D5C372DA3BD83B5378285A942428E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078801Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:16.702{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=55959B62355508A9CE73E6643958F6F7,SHA256=33C072AE90ED99C11E0EBB9F2B6A60E2E9301E89A134181B454F31F10E0A8AA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078800Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:16.702{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7C3DEB8E573EA98036C6414841C91683,SHA256=9D5514FB1B6F136AAED748A9982A7D0348890A2C0D6D053F063A42378EAE793C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078799Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:16.702{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=9E5901ED6BBE158C1E3E36BBD458E9EA,SHA256=9FB8AD1643ABED008CE32804311359970AE4A48BC9A890AC4A6911E891F346D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078798Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:16.702{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=F8E434E6AA9A4EF3AE83E8D95D23BC51,SHA256=27C400007547ACD6FADC762864DBDCA439B75D6336FEB74E97C29B7E5BF80F24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078797Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:16.702{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=1D4AC5860F1EE488E661CC838C8EA133,SHA256=A1F77BD55F667439B95AE0B520D933B12E7E94590EBB4FF2BB92247CBDC7FD62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078796Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:16.702{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=1FD913B79C47857AD6FB8EB78297E022,SHA256=7EA0F42F6CB65F97C248F8228E10ED429154D3257DC06F27FD80614729FD23DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078795Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:16.702{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=40C7CBA9EB063D4CFF94DF7B142FA7BF,SHA256=5730979A09D3843A7543C27992898966691A157F72BCE64B1259752A27F90D67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078794Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:16.702{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=9D8ED10AAC6F8E22F9150824B55554B1,SHA256=22CC4B247982B8DFDA3C646B645AEAA639D57406EE6C494CDD8316F389EAD24C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078793Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:16.471{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15F008E0B5DC2D9EA77966BFA0B22837,SHA256=1C8C343BA918AE3CF28B7EFAE81B28C3E655CF3A22BCC8E05D1BEB72A91B28BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032981Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:17.050{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6219C16CBF1DFB005C45207E2403AAE6,SHA256=88CC1EF239F90494D06472DF9FC96D2517C671D78B16CCDA9F3BD14F6BE38106,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078805Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:17.472{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A033601BA2D5F1B1AB318ABA7286A3E,SHA256=CFF42F3A2500C3E226741192ABD4DF39D15987F6464BEB25D77BED64E9B2E9C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078806Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:18.472{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FBB10B5CE244C8A0D7C33C5536DC54A,SHA256=59D4536D354EFF4E2B421EC77DDBAF2EC28C9C26DF78B9B5E91FB02811F64F59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032982Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:18.191{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=475075FBBDA9D1D43BFBAECDD0ED3556,SHA256=B2119C8CACC640C820ADDF546D17B7F5B562E8409DAE4A81CCBDB2772AA092F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078808Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:19.487{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21303C109C2845A876893959C41A55CB,SHA256=62A3CAAC74105F76EC24DC837510E2DF28CEF09EFFBB562F1D0C8BA654B41000,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032983Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:19.238{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8C98384BF9950F5A5A53581378C9B5C,SHA256=190EBA182E277A840C609304EBA031EC43887838C572FA91B9735278E2E5F710,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078807Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:17.186{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63441-false10.0.1.12-8000- 11241100x800000000000000078811Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:20.953{8057F119-29AA-60EC-DB08-00000000DB01}8952C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ush62qqu.default-release\AlternateServices.txt2021-07-12 11:43:20.948 23542300x800000000000000078810Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:20.953{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ush62qqu.default-release\AlternateServices.txtMD5=F2D2380D04093022F320100D12B76DFE,SHA256=0CB3B1AD30B6178A592ED61C6CC3EBFFEA6B064426B5DFEBA5643B18DC4EF98F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078809Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:20.518{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C07B36FEC86FC42AA9B476EDC365B81,SHA256=938D0E826841004DB0AB7243540B891C3728BCA709B8D8408D4932B1C2CB020A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032984Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:20.269{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C2C19923EB10687C1CF91C2C6ED83F8,SHA256=1902F9F50C39F5F7BF2EB2A9046EF3EE1D47548D8DF159C7B4A9EB48AF36F304,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032986Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:21.285{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78EC22AE247D59B068B36437090CF034,SHA256=576D4A6092D941905D26BE00EEA0A07A38A74EDB97A168DE6B15133E2E853233,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078812Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:21.533{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88238182B55811A245842B5672C73A35,SHA256=23AB3261884318CAC66DA35BDF5DB09BCE53E226FC009EE3554379459D4657FF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032985Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:18.463{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51628-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032987Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:22.332{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29BB2CD3340D4DF06FAD39C2274AA817,SHA256=140C73E0BB7F9095388C0781285830050720CBDDA05E151C97E17D3CC2DD7753,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:22.552{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B720F6E4708264EECB41E386D493CB6,SHA256=5E2B16486C38139FA7AEDB023DE3AAB79A518DECA24D7ACACA1A38654C2366BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:23.569{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A3D453610050A2CC0D3F5EFB95021F9,SHA256=23AFC0AE4F16FB4AD29A7BFC1DBE71E5B30D1E36D5A90780EE6B52BA01F3925D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033016Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.957{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30B7-60EC-4C05-00000000DC01}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033015Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033014Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033013Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033012Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033011Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033010Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033009Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033008Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033007Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033006Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.957{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-30B7-60EC-4C05-00000000DC01}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033005Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.957{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30B7-60EC-4C05-00000000DC01}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033004Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.958{50946567-30B7-60EC-4C05-00000000DC01}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033003Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.707{50946567-30B7-60EC-4B05-00000000DC01}8283344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000033002Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.566{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31A4A1DEEC114F0C7EBEAE32F348AE46,SHA256=69E51FA5D2A0B92FEDD5A34265B7DB8622883042FD4A5AFF370DD9A33F6F062A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033001Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30B7-60EC-4B05-00000000DC01}828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033000Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032999Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032998Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032997Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032996Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032995Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032994Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032993Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032992Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000032991Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-30B7-60EC-4B05-00000000DC01}828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000032990Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30B7-60EC-4B05-00000000DC01}828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000032989Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.457{50946567-30B7-60EC-4B05-00000000DC01}828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032988Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.425{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=07C5AFCBFDA9B21831C83AFF0928E8E5,SHA256=076D3C2011BFED411F408D6D61AC9FDDC2F9569ADCDC53E13BA36F2162C5B36C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:23.017{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=AF0F572DC06204B03D068036F297E951,SHA256=9F09963A25E54E35F2FA4569DC9036AEF58AE6958D80F8D59A59F8408B08D4B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:24.584{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B27417F9A4E0BD1EF0C8AFBA05A3DF87,SHA256=ED07485C0873CBDF2F0C5014D6A54DC5220A4061FF497F40E48BF05BA5DE913F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033033Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.738{50946567-30B8-60EC-4D05-00000000DC01}7603264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000033032Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.613{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=244F77093069A779A42234361DBACEA0,SHA256=1AD8EFAA72A6195DEF67B036C8B0C47CF631A95BF7569EBB369E9E7FADD9EDC6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:22.286{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63442-false10.0.1.12-8000- 10341000x800000000000000033031Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.582{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30B8-60EC-4D05-00000000DC01}760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033030Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.582{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033029Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.582{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033028Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.582{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033027Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.582{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033026Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.582{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033025Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.582{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033024Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.582{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033023Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.582{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033022Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.582{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033021Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.582{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-30B8-60EC-4D05-00000000DC01}760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033020Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.582{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30B8-60EC-4D05-00000000DC01}760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033019Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.583{50946567-30B8-60EC-4D05-00000000DC01}760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033018Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.472{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1FD520A3F171B281068A89D7F9C35C6F,SHA256=78B3C2D358D078C744F81A59FF826C5671A4AF364CDBE6C24802274DBEEC7213,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033017Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:24.472{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=06655C7FB906915A3D647EF7AC674615,SHA256=485D68C36BCDF11299E3E537771EAA2CC1935BFF9B48A341F6D9DB178D8E9FCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:25.615{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B493BDB817CF94611788F057802FC69A,SHA256=3C0C96581E1F4B03E3C6582E2098EFF7AEC8543165FA0ABAA707C95D4E8F1355,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033061Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.754{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30B9-60EC-4F05-00000000DC01}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033060Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033059Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033058Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033057Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033056Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033055Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033054Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033053Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.754{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-30B9-60EC-4F05-00000000DC01}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033052Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033051Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033050Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.754{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30B9-60EC-4F05-00000000DC01}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033049Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.755{50946567-30B9-60EC-4F05-00000000DC01}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033048Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.614{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34F3F4940F486DB6E6A61D604A871887,SHA256=D5396DE09944BC31446C77E6FB4A5ABFDC0B5709E745A917A61543D794626967,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:25.131{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033047Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.582{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1FD520A3F171B281068A89D7F9C35C6F,SHA256=78B3C2D358D078C744F81A59FF826C5671A4AF364CDBE6C24802274DBEEC7213,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033046Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30B9-60EC-4E05-00000000DC01}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033045Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033044Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033043Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033042Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033041Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033040Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033039Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033038Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033037Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033036Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-30B9-60EC-4E05-00000000DC01}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033035Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30B9-60EC-4E05-00000000DC01}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033034Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:25.254{50946567-30B9-60EC-4E05-00000000DC01}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033065Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:26.769{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5380694B23DA6197ABEA246D1FCA7299,SHA256=8B1E2E82C491726D787057D49A8CBDA1019EC98B94FEFE7ECDA05D3C8FA36087,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033064Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:26.629{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC598D88249AB9E0357660B1DACD72C3,SHA256=7F42234DD33DB4F69C4EBE2EBC09B8057F61F6E4DCF02F0E3B3FD67B1477C340,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:26.630{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7265FCC20903CEC0354036BE333F17F6,SHA256=284999270AF044927EFB291CD1D2B5D00BBB632DBA0CCBE5F4AE16A47CDEF87F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:26.398{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ush62qqu.default-release\permissions.sqlite-journalMD5=9D7569ED238922DA74EA3E694625D530,SHA256=C62C43C5F5A13E66CBB897B94E973CA0C2D2111E2CDB62D2F1C685D3D62BBF00,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:26.199{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033063Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:26.066{50946567-30B9-60EC-4F05-00000000DC01}39722404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000033062Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:23.497{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51629-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033066Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:27.660{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4B01565CB8605B5CCDAF603E91F90A3,SHA256=C310377140D6461D988CB98A519EC4FCFC28D016CF69F8D94290F96304EBEB39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:27.647{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F68C6945E5043A21710BFC3198561DF5,SHA256=AFAECB3FCC03C1FD0C23750885859799DDBB95D3F416CF0DFD35944BD9B9C1DD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:25.252{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63443-false10.0.1.12-8089- 23542300x800000000000000078825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:28.665{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFDD5E88253B842888C63E7AF428F1C1,SHA256=AF2D7FCAA23132BA787466177B76F8B9FB9F630260021E62F679EEE7B8B3E1EE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033094Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.738{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30BC-60EC-5105-00000000DC01}3252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033093Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.738{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033092Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.738{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033091Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.738{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033090Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.738{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033089Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.738{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033088Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.738{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033087Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.738{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033086Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.738{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033085Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.738{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033084Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.738{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-30BC-60EC-5105-00000000DC01}3252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033083Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.738{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30BC-60EC-5105-00000000DC01}3252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033082Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.739{50946567-30BC-60EC-5105-00000000DC01}3252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033081Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.660{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6C3432421FBC0BCD39C1F194F5C5D09,SHA256=6F24AAE1763E081CAA0DADB42B54BA3816FCB1F9861368816C24FD898FC53D54,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033080Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.519{50946567-30BC-60EC-5005-00000000DC01}4281812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033079Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.238{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30BC-60EC-5005-00000000DC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033078Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.238{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033077Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.238{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033076Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.238{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033075Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.238{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033074Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.238{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033073Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.238{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033072Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.238{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033071Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.238{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033070Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.238{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033069Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.238{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-30BC-60EC-5005-00000000DC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033068Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.238{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30BC-60EC-5005-00000000DC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033067Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.239{50946567-30BC-60EC-5005-00000000DC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000078826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:29.696{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24E524BFF1C4ED718D7A4E8D6BCBFB80,SHA256=78608F9E8BD6960E60A5805E6000B27B8DA94C039C7DDF0A3FFFE54D2D9F84E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033096Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:29.879{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BAB3696050CFA3934BF9AD4A67FFE06,SHA256=9A664C998549AC220AB0C60A96B2F537085661D6EAA7790DCC658DDB88A94AA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033095Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:29.254{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0B3312F24017832626DDC06768D1180A,SHA256=6DBFBB200AE017F3D80F45BC6D135C1738F3E513A32CD7563147F57BA0BF582A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:30.726{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CBC6F6751959C4D5DF079512E78F4EAB,SHA256=AB02D9C079075EF24DE0959DE7BF653AB2396DD18DDCB27FACCB135393BD1521,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:28.234{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63444-false10.0.1.12-8000- 23542300x800000000000000078829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:31.744{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCCFA1840C2D7A4CFE56763278CD20C2,SHA256=435B9B5B77D0F4C4B1A7664DE30DC894E5CBB64911B3575FAA5F1B4C27DA6E35,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033098Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:28.588{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51630-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033097Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:31.004{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5846F24093B6DF10E07D75057BED8BBE,SHA256=7F9A4E3224C03AAAA1B3C033FCBABF5660E459D6BE4C8C83A207C6E898811C33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:32.763{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1CD391DE251B1B36276E143A63A1412,SHA256=4BE51A3E2BDBC0E2556A54834F06EDE33D83FB1C10A85DB405D3597AD18BE0FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033099Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:32.019{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AA81E20332E2AADFE6C6E0290A6BF5E,SHA256=286B95C05ABE9A92512D916A9640818106AC339C658A22EF6598BFE28C8FEF0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:33.764{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CC60602590140859D0B04BB4F833064,SHA256=5533F270AB9F592BFCABA22705F570B953A7D024D3715E802B937A578D9BD24A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033100Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:33.035{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D280169A7EDD40335714D77EBA25DAC4,SHA256=02FC78CC9E7335456306F48E0F59E8C7B5DC3DB76B2C44081AD0E9A7EC09E157,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:33.543{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ush62qqu.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=AA9720FCBAB75176263741449152B41A,SHA256=CF1EDC7EA7720CEEBDBC562247B48DE5F5B4D9B55AB74A7E2AAE6C7000C300E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:34.779{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73D9B3AB9353ED5D5C34615C0E437742,SHA256=2EA98CC25D13DD71B23963008D0A461AD2AFC3943A0B286F474E35ABD1437DEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033101Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:34.227{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D641FE8A6D18AD11937F9A10C6FCF4E4,SHA256=1A6C488834940CBF2060D1637822E72DF1A768F8FCF592689DDCAA55B24AC648,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:33.301{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63445-false10.0.1.12-8000- 23542300x800000000000000078835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:35.779{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4711C5D60CFCC4738F8BEA3F1F417341,SHA256=7D8EDD0B0A1B924DCCCB936443ACCD03FEA93E816F8C5ACB3191A3173F95B8E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033102Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:35.243{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F8E2941AFA28B6097DFEF9FF7713170,SHA256=AB5662983BAB6F593ABEA4D85D8FE4FE9D68082E8F0E49F83B87BC128B9627FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:36.809{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5368CDE716A4647ED182431793F2A20,SHA256=CF2D4240192C0A9366360552A6179B7B866412FA07B5AA18243165AF2E007B37,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033104Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:34.498{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51631-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033103Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:36.258{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62EB964026E330FB49C19355AB808968,SHA256=14D5877D9A8629C78B0CFC78BD96E520289B8AD72AB3B153C768EB0E408A3E93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:37.842{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14B3A4B61160282E6100376C3BA46571,SHA256=6F93CC2C197EBED728B0474CC03881C51ACADEA9F5039B3C82461880F18DF81F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033105Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:37.289{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=790303BEB7599F135E127E430E842627,SHA256=A743261FCBD313A4B92A07E34158F40F19EEBCC9FAA7ECD8B5FF7F06C3E17EA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:38.860{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=398F959C2D104EC2ECE8A94B3AFFA389,SHA256=ACF3EA62C0705981B81D6001A28747D6BFD8D6642C0E2333FA631FBDBA7889E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033106Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:38.524{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BC458769349D26C4A4325237217EA4E,SHA256=0285B01EA92E6D768217AA99D040ECE4A3FB7D11B4B911EA78DE98469AA143FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:39.861{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF925486E7DCCF9576F667BB183B02CC,SHA256=3D5E3B6E4AE36F3EB5E7639E45DE0B6A8FC1C3E1C8D5532695C0791A911BE952,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033107Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:39.758{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=882B758FDA82806C55810E7D346A0F77,SHA256=8FD7A5564C7E4B958FBB8B22B5ED4E71E182CB8CB527326FB92D1EE6424128E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033108Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:40.993{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72B897685291AF121AF37D8B6AC9B510,SHA256=534EF1CF095C4813718935362D78CA64057C50DFB9C38EDF248AAE9C2A24AF93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:40.876{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A26DCA46A40C580068DFBC49511A0D92,SHA256=EC6079E3709CB838854B5CD9C805B1341D30EE22728D488B1A5B62045E6381A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:41.878{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12ADFF409079E16179C471D329D6ABB3,SHA256=480CC331EF755794AA61C058F4AC50BF42392253F0D5CBD3162EDB842877EE5F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:39.313{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63446-false10.0.1.12-8000- 23542300x800000000000000078843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:42.879{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5599D9B775F1D3ECD0F39051B5C69A70,SHA256=632F0DD94E4428854641CACEC1B5DCD370503D2AF05D9183766333E52DF14E7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033110Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:42.227{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EA41B80B0D1FA8626E31617CB5810B3,SHA256=6434F09271EFE014BD524E2902FD590FBF1C50EE5D1A40A3824759FFE22A0A8D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033109Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:39.592{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51632-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000078844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:43.894{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B10925FF45F7AC6208DB4F6BA1A376E0,SHA256=BFC5B834D5C3EDFC8452C7C5641A035A6ABADE2790873E313AFEDCC5F60F57D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033111Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:43.368{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09067756187B5AF7B68F5DC128F9570D,SHA256=0BA77A3E14318F8DBD0C6A7853AC6D0860BB50F3948AAF5D1B701C56947C74CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:44.910{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96ACA4DE8742C97B1251D75A5546487F,SHA256=FABF8E1A4718BFCCD1B32A49DDAE9CD311227AD7B4D61906A64FD4A83FB2EB0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033112Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:44.383{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=535F8F46CAC27E5149DE9AC711F61C55,SHA256=D80D36E4A1D27E805A519229D07FCC67BEE4EDCCF83C1DF8C13C7D737E603B3C,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000078894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.963{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000078893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.963{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000078892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.963{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000078891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.963{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000078890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.963{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000078889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.963{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000078888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.963{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000078887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.963{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000078886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000078885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000078884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000078883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000078882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000078881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000078880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000078879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000078878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000078877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000078876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000078875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000078874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000078873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000078872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000078871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000078870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000078869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000078868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000078867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000078866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000078865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000078864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000078863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000078862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000078861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000078860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000078858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000078856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.947{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000078855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.946{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.946{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000078853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.946{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.946{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.945{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.945{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.945{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.945{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000078847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.942{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000078846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.925{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4752DED4433292771DAA0ACC2EAF2F7C,SHA256=7C112ACB89F71E8452F277E18CE445743F53964ACCCE9FFD0CA016C64014FC87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033113Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:45.399{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66F59F739CEB5B26E9489AC06E13705D,SHA256=DF89987B478BC18396353FE0DC71D6977086BF22930B2A8E2DCB8CC23EFE52C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033114Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:46.633{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25A0BE48CDDB277AF9B2A06B2489754F,SHA256=7A792926E7D235A06F9E9A264D6ABC90C1AB1D3179B10C6DBB61653B96D5E916,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:45.331{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63447-false10.0.1.12-8000- 734700x800000000000000078952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.801{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000078951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.801{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000078950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.801{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000078949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.649{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000078948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.633{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000078947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.633{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000078946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.633{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000078945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.633{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000078944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.633{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000078943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.633{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000078942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.633{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000078941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000078940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000078939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000078938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000078937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000078936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000078935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000078934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000078933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000078932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000078931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000078930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000078929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000078928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000078927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000078926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000078925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000078924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000078923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000078922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000078920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000078919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000078918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000078917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000078916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000078915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000078914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000078913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000078912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000078911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000078910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000078909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000078907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000078906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000078905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000078903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.617{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000078898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.618{8057F119-30CE-60EC-390A-00000000DB01}8328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000078897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.269{8057F119-30CD-60EC-380A-00000000DB01}73726552C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.269{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000078895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:46.268{8057F119-30CD-60EC-380A-00000000DB01}7372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000033116Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:47.868{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25444CB973A56B6D52BCAD216E32A325,SHA256=3D04E56CC275C6F1F6ED7CBF6CE3ECD29128F4FE7BCDB365543BC553F63A3B95,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.333{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000079007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.333{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.333{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000079005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.132{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.132{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.132{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.132{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.132{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.132{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000078999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.132{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000078998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.132{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000078997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000078996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000078995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000078994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000078993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000078992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000078991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000078989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000078988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000078987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000078986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000078985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000078984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000078983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000078982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000078981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000078980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000078979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000078978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000078977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000078976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000078975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000078974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000078973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000078972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000078971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000078970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000078969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000078968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000078967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000078966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000078965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000078964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000078958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.120{8057F119-30CF-60EC-3A0A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000078957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.117{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D266B255F510532A7E104B047268AB71,SHA256=B2802262D757DD0D487778336F1BC6FD305EB64D42E15F3A272EF50F6C8FFF22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.083{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9328C053EBF794BAE8F9FF535825E5D,SHA256=F6065A87165384E6F00B2CB0B25C91DC803D46A481D492064D14577D5E09D174,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.082{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25D53414E4C67A5DB95F9179493265FF,SHA256=76E8801DACA2B183CACBFF104EFBF7FDF219ABD0262F1C979B39AA7DFE437721,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:47.080{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=15D65415808FE9220F9FF128C2A6C4A6,SHA256=4A81B26B0A80DD6232953FECDEE0AB7CB8A4CA127812253308B843B311069226,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033115Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:45.451{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51633-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033117Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:48.899{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=749C888BBD1F875FEDBB8769973DBE74,SHA256=F41E89299841B75005AF9347D5003C5BD1C968BBDCB17FCDFDAB7A9F1197728F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:48.232{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C32ED4B6E801C3E8500965847344A76E,SHA256=BE3BBA5532ABE8414AEFFAE19FE5BB1A19A5E3B697E08A67EB359073096DE896,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:48.232{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9328C053EBF794BAE8F9FF535825E5D,SHA256=F6065A87165384E6F00B2CB0B25C91DC803D46A481D492064D14577D5E09D174,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033118Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:49.914{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2573810FAE2E3C1A2D11EDF58D46581B,SHA256=A6C1170B1500AF2920E065BCB0130BECAAA446F59EDE66FC8EC2ECFFF847E081,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.597{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1549f7|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.597{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+154962|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.596{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f 10341000x800000000000000079064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.596{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 23542300x800000000000000079063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.596{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF9d14b5.TMPMD5=D02E65C42AD32F3ABC147AE7AB968251,SHA256=E8818DF00616D25228108A1EFC74316126A1FE625A120883CCA21C9468504286,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.588{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000079061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.587{8057F119-30D1-60EC-3B0A-00000000DB01}93208776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.587{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.586{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000079058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.384{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.384{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.384{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.384{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.384{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.384{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000079052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.384{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.383{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000079049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000079045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000079041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000079039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000079037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000079036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000079034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000079025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000079023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000079018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.362{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.363{8057F119-30D1-60EC-3B0A-00000000DB01}9320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000079011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.262{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8A8C6D0044A413A7AC80766E4C5504D,SHA256=428D922A79E08BEB3C3DC7E49A223E74C959114727EB2F3AAE169038514FAE27,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.799{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000079172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.799{8057F119-30D2-60EC-3D0A-00000000DB01}31729168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.799{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.799{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000079169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.561{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.561{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.561{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.561{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.561{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.561{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000079163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.561{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.561{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000079160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000079154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000079151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000079149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000079148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000079147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000079146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000079137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 10341000x800000000000000079134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000079129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.546{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.545{8057F119-30D2-60EC-3D0A-00000000DB01}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000079122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.543{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79D5343C569B65F196E2BA777ED72924,SHA256=9D9543219CD646AD50EB2355041A6A7E5C5489A596E1C5AC96CA14306693D6B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.509{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01EE09ACBFACFBCB9D0E44DA43EB48AC,SHA256=EA5CB136EEDC4C76D7FB8B38B4D3691A7973B631BC2B7C9FE559AB5768D1F6AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.509{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C49282226BB8C76DB772C197209F8840,SHA256=AC2983A107DFD8542F2E57A87154463D8DA3AC7FDCCA6D7A1B28C15F8B0CDC09,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.344{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000079118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.344{8057F119-30D2-60EC-3C0A-00000000DB01}80129420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.336{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.335{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000079115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.067{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.051{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.051{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.051{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.051{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.051{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000079109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.051{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.051{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.051{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000079106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.051{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.051{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.051{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000079100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000079097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000079096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000079094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000079093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000079092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000079082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000079080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000079079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000079074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.036{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:50.037{8057F119-30D2-60EC-3C0A-00000000DB01}8012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000079177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.904{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63448-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000079176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:49.904{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63448-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 23542300x800000000000000079175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:51.682{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34482684A7F426840030234D04EA614C,SHA256=B5045ADDD0C3CB73E6D1AB8AE632924F43D3BB3B68674986FAC32F1558347B94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:51.682{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AF776FF73AEC435A09A3DAF29EA3C9B3,SHA256=C02ED958A93FAF5F549CC57DA6D112C8B8ECB08CB15B4C81744EB5663EA8B146,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033119Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:51.133{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50E61C0E31A75BF88A3726D0CB7122B1,SHA256=CDE286D830D6C9AFD15565C5E803FF6410576FC0E05636BB870359D16F94A514,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:51.236{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63449-false10.0.1.12-8000- 23542300x800000000000000079178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:52.697{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17BDABF05D7E80B3F4C5A1BF2C202159,SHA256=2EE739A5165D8F544EB79251AD035D8945E585C99D58086BEC00D7D92FD5DE99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033120Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:52.368{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AD8B1CDF76133742427F63E1FE24448,SHA256=F4294B25EDB2DCA90E5FBD4A8A6654FA4C5A77FDD4AB4EF28271B738AE2226E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.948{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AD8A7478B5185CB9AA7C6A4F5F44750,SHA256=0348CC16BC16F0F945B9C29B37B49AE8921C3541FE77CF97EB85053FE5DD8C6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033121Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:53.461{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B559448E4CA9BBEC6E5031D072139CE0,SHA256=40E01501DE63895FC5B2EC65BE00654C8C7248198A52F9970B1E6FD248AD90D1,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.453{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000079229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.452{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.451{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000079227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.212{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.212{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.196{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.196{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.196{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000079222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.196{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.196{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000079219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000079217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000079215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000079213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000079212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000079211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000079200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000079199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000079195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000079191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000079188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000079184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.180{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:53.181{8057F119-30D5-60EC-3E0A-00000000DB01}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000079233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:54.966{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79C68BC91D63941D4CE94806A0F141B9,SHA256=F87F8415E1CDAB5EDB567243F46D9C350AECC967A1805408A176E6C8A5299D6A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033123Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:51.451{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51634-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033122Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:54.469{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EE2AB258868BDB50ED541B959AED246,SHA256=AC3EAFF86DBC740FE30302D3B857957089D89AC275061BCFF873A5D0876EC597,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:54.186{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69F23BC9B824F3D45D45D1E84075F222,SHA256=ADED56574315DA2EF7E69B79C5D5DF9F25F922777823DE0DBE02F1AB6270710C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033124Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:55.485{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C319A5B248E031D72A284767DC129737,SHA256=DD2E6961D3B59494F1EAFB1FFA40C67999B3328ABE9BCC15A9A217036E7229D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033125Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:56.501{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEEB6C4EEF0AD69E2FB256BBD936A687,SHA256=3D320BC1BDD18D4E15338AF80034B0E0B2784B0DDB75FF1F8D223D25C8A61483,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:56.000{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2619C940FEFE02E5AD59A811A9E2C2C8,SHA256=20F0F2CB3B60375315B1A361A21939ECA1F6F7749063984F8DC156B07183968D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033126Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:57.516{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C5921D2C0D2644417FABAE001F7ADF8,SHA256=F54F059B5A76D37992FBA5F6582436D1AACC2C52215407D33F8759D44DBC5439,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:57.000{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77C1ACAA35E6DE9BD5F24CBFE50D716A,SHA256=FD22E8B38295A037BF24E1674AC4DFF8AC2D09C97025671A76A6EE72C1AC513E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033127Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:58.532{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7402C9F847CFA877459DC975D6EF989,SHA256=65E403E45064311669A0D0D98DF5FFFE45E160C2C89CA1F274730CA59C6DA6B5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:56.237{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63450-false10.0.1.12-8000- 23542300x800000000000000079236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:58.030{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7805C38DB2352EE0514830C9DC4974E,SHA256=1CF5C81DCD80C6CCBAF863D907F21D492A5506CAB611C8B0BFBB422CA3521D25,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033129Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:57.459{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51635-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033128Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:08:59.548{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40DD4E137DFAFA7C71581411F5BBDAF0,SHA256=BCAA598FCEB8B84976893326282329EFE2EA8DD5691D6BFAB144DB2A00651CF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:08:59.064{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A0D7E51F3783F9B9928129C1C8AF276,SHA256=63192E34C6B7A6BB16711608DD1BA2BBFB94060471CF7C176B36EECC9247E5AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033130Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:00.563{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E72CD85807FBC33696C560587B85CD62,SHA256=3E022CB6F8DE8AE22668802B0F98BFC8C69DD26CCAA6518789DAB18A551DB914,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:00.081{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5509DB7F5FC40889A28410D0C2EA3DE,SHA256=6841757156B2E16474176128FF40AFE7E31F9CAF5DEC0AD9DFD1DC8B03CD0041,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033131Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:01.579{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B69FF69A32438E3DD4AA1267053F0A07,SHA256=B84C99FB9597E45762C32D7334E8F7C63F785CC7CDF2740915A5117BE421EEC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:01.096{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58A3699799F91A5700689567229D5C7C,SHA256=97FD1CCB76CCE1FF95AFAD011C580A8E17609AC9B41AB40D927655A5114AB8EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033132Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:02.594{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AE72CB9B5E8A301B9FCA5CF857118C1,SHA256=F6F419372952C4D55439254AC7B3ADB414AC9FA48E56BDFCC2C288C1DE840DC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:02.126{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABD1E76D28A7FADCD3E36141294C6574,SHA256=09A75C051B71AC8D0D09600D5550407EA8A03500805ADB7CBEDD483DA81C0A4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033134Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:03.610{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECFE5C3E56B0C1805C7E82020C43DC2A,SHA256=C68E0730C8B76E898F02D89B685EF66A5F075CBA413EC39201742AA5B4823768,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:03.127{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09D919E64884BCB02B2657C97D887EFB,SHA256=6F57E9E96F3827877175FB0682BDBDCF33EE0BEDF8EE947F54EA62B6574CFCB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033133Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:03.188{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033135Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:04.626{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02FA2181C8C0CDB0D2FB95ADBADD2678,SHA256=7546BFFC31CEA72D4D029CD7A5FB05FED6F8F644549E1BA1180C431C9CAD4ED5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:02.217{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63451-false10.0.1.12-8000- 23542300x800000000000000079243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:04.159{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AA6F294850FF9475BFA59B63F6493AC,SHA256=0DC333E1102776054CDE4A1F11BA5B850A1F037251D0BABF0563042FAB3A2325,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033138Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:05.672{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3847DB5625483A6F1B9C5E5A2C432F0,SHA256=E468F70DA724BBEAB939A6E071509CF867117A8B874057E47753775CD70CB7E3,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000079256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:09:05.379{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000079255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:09:05.379{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x009d525a) 13241300x800000000000000079254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:09:05.379{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7770e-0x53c50646) 13241300x800000000000000079253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:09:05.379{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d77716-0xb5896e46) 13241300x800000000000000079252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:09:05.379{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7771f-0x174dd646) 13241300x800000000000000079251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:09:05.379{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000079250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:09:05.379{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x009d525a) 13241300x800000000000000079249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:09:05.379{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7770e-0x53c50646) 13241300x800000000000000079248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:09:05.379{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d77716-0xb5896e46) 13241300x800000000000000079247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:09:05.379{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7771f-0x174dd646) 10341000x800000000000000079246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:05.279{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-089C-60EC-0100-00000000DB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x800000000000000079245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:05.179{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B82E4B24A345E5116B38FEB491E5CCE1,SHA256=87646846F2F1F96251EBC8A5A8F3FC3857A2DA7446C4AD2D74A539A41E3B91D2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033137Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:02.522{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51637-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000033136Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:02.491{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51636-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033139Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:06.674{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEB4849322CD046BA426A808F0541124,SHA256=4AE85F48423CDADDA747CD08513F147ECF6A5BAD8EA99AEF38D7D3590B804340,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:06.194{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0030B95591621388E760F278EEBC3F80,SHA256=2714AEA634C098FF3927C758DC95E85E1EAB28F409120EF6A59E6EEA50DF8B7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:06.194{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=91AC7547D0DD696B324EFE0035210CFD,SHA256=2E29E3C61093B5C5C5D4B0D0159B358CAD082E3C0DBB1E82AA11CC5B0377DA93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:06.194{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7DE6814519AD6CA0B4ED67E50E137B7,SHA256=FA13867EA85A1A5FF693D30C92AF37A7ED27239F585E3163D1682E941462A8A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033140Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:07.890{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD1682C07E7201518219B0740926C8E3,SHA256=B2878D49D32A2A83812DCFAD8F1F4EB78D78FADC93536F19A042FC6F979DAF65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:07.224{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7447F56DFAE111722BC5F8A104BAFB4E,SHA256=216897EA3EB17ADD5645C56DA67EB99AD0737E8272C291D0B7B0D171E7BC645D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:05.421{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63454-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 354300x800000000000000079264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:05.421{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63454-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 354300x800000000000000079263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:05.308{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-89.attackrange.local63453-false10.0.1.14win-dc-89.attackrange.local389ldap 354300x800000000000000079262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:05.308{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63453-false10.0.1.14win-dc-89.attackrange.local389ldap 354300x800000000000000079261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:05.298{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63452-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000079260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:05.298{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63452-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 23542300x800000000000000079267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:08.239{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40A4F3314247BBA25564E0C189FE2F9D,SHA256=9053FFDAD6F8F7E7079F6197DFDCA5CB7D42CE9ED7C1D3AD87585ABF8EC4C932,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033141Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:09.127{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFEA900C7E944575340C08F89B9A8689,SHA256=EF98CBD9715A79253A30CE8E5AF5DC4719BBAC635778B0D720C74AAC5A864381,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:09.256{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57F8375779D922BDF78BB8E8705BDC9B,SHA256=46C8627F71E1FBEAA3C854977DD0A6D75DEF38C4D8D591382FBCA2E64CDB84E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033142Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:10.143{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2006DDB661404A3A51A4B488A65922A4,SHA256=8A8FC323FC33EB0465DA76ADC8CB1FCFBAF32A83022EAAFE2653C9DDE3ECDECA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:10.275{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A76971A7E47FC0B54AD425D49BB3D30C,SHA256=61382D7BD23FE0757A26AE812CDF81B61F2ACABB8F4E72DCE6D022556664A40B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:08.176{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63455-false10.0.1.12-8000- 23542300x800000000000000079271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:11.289{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96D074FE256DDF1FB977C94BC622BEDA,SHA256=C270D860C689B86737700BCE46C4B8461736756670F46E14E25A49E284AD8E44,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033144Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:08.476{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51638-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033143Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:11.158{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=099F801A6B0F88AE0BE0E190708125CF,SHA256=3C224CEA20FF5E0A390F1353D7C1B0F315A5714BF7600F360A155F8FEE7A320A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:12.320{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EC8DA6F63FBC3B348DDD83ADC992302,SHA256=785E9E076CB1D47A9D6D31E5D100674665833D314CFBE0D43F9C12B7E4E572AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033145Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:12.174{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BDD9A1A56F169D96F9042DD6A6D2C82,SHA256=DFCD121F354D7C04FE78B811F8BE524BF16C8AEF6016181B04A3AB2C1A44F136,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:13.320{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86676C3AE438C06960E5C61100D188BB,SHA256=2E2AF2894959E4C320AE93F514332EBFF91B265D7621AFE4D8B784F1C13D948D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033146Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:13.377{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65FA81624371C8D698E44EA1C7F39C7E,SHA256=F77515498D82005973BE7E6FDD624BC5E7FE6B0F9CD089BE9BECB5F1A9E5B1BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033147Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:14.379{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F164A60B7CA5BC7D991DDE9B56BF0CAD,SHA256=ECC13F4088CBB4A69CC3C5DD05A4EC4B443FB84F8D9B009DB1485B99CB5FE176,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:14.354{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37F0663FD6FA050C1C96AAAC477CD8BC,SHA256=D597322E120F89A653AA9FB6A3583A653B2EF1AEACBDE3CA5B80AC46B672B621,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033148Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:15.410{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69856639455817EDC5BF39FBAE89B07D,SHA256=56768872037E6C372A49FDC88891B88F05BE2BA3F569010DE05B08CDF657D97E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:15.371{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD577A4B5AF7CFEF87014B8F9FCE2618,SHA256=B1F9AF5E86ED79E5DEE4B74E8CA1CF80C4B4366E63D2C0F83CE4AC6BC78E03DE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:13.288{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63456-false10.0.1.12-8000- 23542300x800000000000000033150Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:16.644{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1790251560337AB16D98264804B618D,SHA256=90A235A1D24E1839F0AB7CAE70FCF2A6E6358F1044A1B3E11DBE52810D37367B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:16.388{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C41DAC3DBDDC6C2682E8D679AA3A60B3,SHA256=BD46A52780C172B7710ED6DBA86F54009F0B1C7A03A4CDADFB6D8A766F7D2403,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033149Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:14.462{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51639-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033151Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:17.691{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47DFF6D46E85919F37A5E33E436AB875,SHA256=7F96D35EE2855B3BEE12C6EF12E90549534B7068242BAD1EC0CF59B4BF93B815,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:17.418{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5085732504A2A47886F351F8069E031,SHA256=A46AA158311292EF2D994B233BA4CBAC24B6D0B2B9AA3B2BA8219990C9ABA78F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:17.019{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1B81E547B8E8F555847BF0BFE661B484,SHA256=B5EDE167DFBE9CE5F1B86ABEAF65BF1DE7FCDE28EAFBBDC70EEE8F312EF03E73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:17.019{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0030B95591621388E760F278EEBC3F80,SHA256=2714AEA634C098FF3927C758DC95E85E1EAB28F409120EF6A59E6EEA50DF8B7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033152Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:18.707{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8651039BD4C11EA71AF5DAFD368A2E90,SHA256=8F742074C32D6C0D82EE2673DBF1A1B88D216E2617BC9BBB37AC0CA72DF455F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:18.433{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7C52EE38D7649BE8F0A19D48A189D0A,SHA256=4D39E478DC669FC50DD36FEB5A602B14AC0EBAD062438D5274DD59C739D5AE7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:19.450{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21EFA3E8BADFF4C174954EF01EB3EA1D,SHA256=57631BF329559C9D0AFE5C8F19E4EA95C7B58F7403C7D7F061FDFFECB9527FDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033153Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:19.769{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C1C17B6B966ECA10FFD567CC9760245,SHA256=C2F6DA34FA0661A61828F147498D288DCECBFA0D614F96CE720E2119FF48BB43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033154Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:20.801{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B85E8CF6C0F8BC71B1C65056717A5B57,SHA256=91B4B837CE7B14F08900669BA8970F53A2C99621AD3A3C2E12411C2C1C54B8CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:20.469{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD8CE1FF843144A65B5B18D87D521DC2,SHA256=9445BFAA4B2445467B2BE6332200D4D4C1F86659FD9ED7E88C89126025CD3A34,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:18.308{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63457-false10.0.1.12-8000- 23542300x800000000000000079283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:20.069{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ush62qqu.default-release\datareporting\session-state.jsonMD5=5C5AFCCE4C49B4B226F016774FA3886B,SHA256=2533D84556CDB46093A62A289125C2038B895E3094C957048B30B81E8EE55AC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:21.470{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1D7DFBDA24841CB7F2CAAE9551036DE,SHA256=35D4A1206EF400DD3E208E48F657276284F33F9161DA32196EF9A28DA2975FB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033155Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:22.019{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7830BCA2C67CC74BEB867EFC3AD59D23,SHA256=1DEAAD77C8A534BCF22A816E69C825DDBE8674BF548CDD8A09EEFAE6D3285597,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:22.501{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C579B06A451F96D83652C7F910F151FD,SHA256=F5477A0345A37018EB2CBCF5640D2870065F55B94CF334782ED2B2B471E75AB6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:20.352{8057F119-29AA-60EC-DB08-00000000DB01}8952C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-89.attackrange.local63458-false44.239.250.14ec2-44-239-250-14.us-west-2.compute.amazonaws.com443https 354300x800000000000000079288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:20.213{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63862- 22542200x800000000000000079287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:20.078{8057F119-29AA-60EC-DB08-00000000DB01}8952pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com052.13.236.190;35.155.6.125;52.38.70.232;34.215.151.143;52.33.45.66;44.226.235.191;44.239.250.14;54.190.205.249;C:\Program Files\Mozilla Firefox\firefox.exe 354300x800000000000000033172Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:20.462{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51640-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000033171Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.676{50946567-30F3-60EC-5205-00000000DC01}15042916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033170Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30F3-60EC-5205-00000000DC01}1504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033169Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033168Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033167Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033166Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033165Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033164Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033163Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033162Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033161Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033160Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-30F3-60EC-5205-00000000DC01}1504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033159Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30F3-60EC-5205-00000000DC01}1504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033158Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.473{50946567-30F3-60EC-5205-00000000DC01}1504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033157Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.441{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=759660498DB734F3B2C580C558977FB7,SHA256=6836CBC577CE547CA72FB942E24893B4B468F7909BAA5D4D8B5E9C037B2EB4AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033156Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:23.254{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14B8FEE7C57F386DD786F7385DF2E5A1,SHA256=438F63BE88B56383798B99506F827AAA368AE7D31790730513C5961AFAAE5358,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.584{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=913390B811F483500348B76553C2C441,SHA256=A51866EFFBD738FF0E99D2D5E954013B9A88D07EFC5AB20C26F4F1F3E0AE5600,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.249{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D34E3AC75F9689D36FDB50E75448A39,SHA256=EEBED23C8C2D7A2F3EBFE7EF6C0B8A368671976B98628D7CFD9B285BC7925F1D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.153{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.153{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.153{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.153{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.153{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.153{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.153{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.153{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.153{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.153{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.153{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.153{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.152{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.152{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.152{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.152{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.152{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.152{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.152{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.152{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.152{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.152{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.152{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.151{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.150{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.149{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.149{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.149{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.149{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.149{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.149{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.149{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.148{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.148{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.148{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.148{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.148{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.148{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.148{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.148{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.148{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.031{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=8A16C0B44CDEA4DD951CA5B0C4EC7C03,SHA256=16440C98F75C930EF25FF2F8C83602A7520D4473DDD932A3E75AF6A359AD7454,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033202Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.832{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E018416AC7D31EE94671666B21B7F6F4,SHA256=4C417A7EC57E61399375D985F729757B130F522319916819E48F8AC9CBC36B65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033201Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.832{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53E92FB5273C016B3813172FC36DE4FA,SHA256=B8B369DEF6EB9A9CA5DE09F6B9F9B42D2A0562771FC8ABC6CB6F3A9B4E84B1B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033200Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.832{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=232D1854FA5C119F1F1002A9D37C8F76,SHA256=D1B284AD0D25F1018FEB7E9B05E70204A9516AA22B44B3097716849739F1313D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033199Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.801{50946567-30F4-60EC-5405-00000000DC01}25001532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033198Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.644{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30F4-60EC-5405-00000000DC01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033197Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.644{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033196Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.644{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033195Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.644{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033194Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.644{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033193Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.644{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033192Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.644{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033191Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.644{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033190Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.644{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033189Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.644{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033188Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.644{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-30F4-60EC-5405-00000000DC01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033187Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.644{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30F4-60EC-5405-00000000DC01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033186Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.645{50946567-30F4-60EC-5405-00000000DC01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000079369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:24.598{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B588B99CCC1018D8F6CB7A0A9FB5E8C,SHA256=1C8BB4D52B09A475ECD89A24C5B8AFDFC004CC78DDB0E1364896D5CBF408D017,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033185Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.144{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30F4-60EC-5305-00000000DC01}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033184Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.144{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033183Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.144{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033182Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.144{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033181Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.144{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033180Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.144{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033179Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.144{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033178Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.144{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033177Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.144{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033176Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.144{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033175Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.144{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-30F4-60EC-5305-00000000DC01}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033174Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.144{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30F4-60EC-5305-00000000DC01}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033173Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:24.145{50946567-30F4-60EC-5305-00000000DC01}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000079368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:22.354{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61438- 10341000x800000000000000033231Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30F5-60EC-5605-00000000DC01}2716C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033230Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033229Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033228Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033227Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033226Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033225Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033224Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033223Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033222Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033221Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-30F5-60EC-5605-00000000DC01}2716C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033220Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30F5-60EC-5605-00000000DC01}2716C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033219Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.959{50946567-30F5-60EC-5605-00000000DC01}2716C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033218Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.957{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D7CFAE202D7075C1313256E97DA7FE6,SHA256=05142CFA27480A71E90A0B39F980A2F292FE7621FB7408CA8E0B5FDB1FC7BCF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:25.599{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1CF45C5BDE681694B1952C441F09095C,SHA256=0592D44DEF6C83C1E05E1CE72CBCC027A22D4F4B906E02B1B87CE559287965AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033217Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.660{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E018416AC7D31EE94671666B21B7F6F4,SHA256=4C417A7EC57E61399375D985F729757B130F522319916819E48F8AC9CBC36B65,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033216Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.488{50946567-30F5-60EC-5505-00000000DC01}29762792C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033215Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.316{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30F5-60EC-5505-00000000DC01}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033214Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.316{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033213Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.316{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033212Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.316{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033211Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.316{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033210Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.316{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033209Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.316{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033208Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.316{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033207Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.316{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033206Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.316{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033205Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.316{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-30F5-60EC-5505-00000000DC01}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033204Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.316{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30F5-60EC-5505-00000000DC01}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033203Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:25.317{50946567-30F5-60EC-5505-00000000DC01}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000079371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:23.369{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63459-false10.0.1.12-8000- 23542300x800000000000000079370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:25.167{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:26.630{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4665D013534FB048DA32717488206EA4,SHA256=EA0905C8FC9D9F16AA87136C82AF486220B3B89AFDAF2164CC3399DD43A12B72,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:25.283{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63460-false10.0.1.12-8089- 23542300x800000000000000079375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:27.646{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7B854B863E7917772DCD431449E7087,SHA256=DA30B8F52226448AE5F91EB7EF88CD23290E2493B5C84F58484FECB2AB61B04B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033233Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:27.191{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=832364021038D3717B0C8C54ABEA832A,SHA256=516E8F9BC6FA82BC649A4674ACE9456FA29B302549EB3FB3A90DB9A33ECC8703,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033232Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:27.004{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=401990D316399AA7F39A75684A42BA56,SHA256=5D56BE98955E20B115918A257022011007BEE4874D1CC06347DEC4C19A9DA08B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:28.665{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3385A702F231072A8537A5F49621B8E,SHA256=753E9FAEE679DAEE5535926990944BDDBD93F70BC6E4EF9D3934542679AC750C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033261Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.957{50946567-30F8-60EC-5805-00000000DC01}32882960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033260Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.754{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30F8-60EC-5805-00000000DC01}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033259Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033258Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033257Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033256Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033255Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033254Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033253Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033252Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033251Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.754{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033250Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.754{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-30F8-60EC-5805-00000000DC01}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033249Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.754{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30F8-60EC-5805-00000000DC01}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033248Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.755{50946567-30F8-60EC-5805-00000000DC01}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033247Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.254{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-30F8-60EC-5705-00000000DC01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033246Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033245Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033244Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033243Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033242Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033241Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033240Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033239Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033238Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.254{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033237Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.254{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-30F8-60EC-5705-00000000DC01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033236Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.254{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-30F8-60EC-5705-00000000DC01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033235Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.255{50946567-30F8-60EC-5705-00000000DC01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033234Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:28.223{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4689389E474D1AE4D6221D052DDEB148,SHA256=54AA1BBA3FA23E2A755FEBD393E287A14EE462D6135E3FF3F1584E1D46002782,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:29.680{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43804ABA863E4E04BCDE35952F99FB72,SHA256=4139F62F58E9F8C14C48B1F733F413640D5142CF0D8C556534C57823FFA2B0BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033264Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:29.519{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F86D678273E2B207DC46727D32872D3,SHA256=27FB45EE748F96357BB80850336C62198A568AF74D0F675626E4C5ED577847E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033263Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:29.519{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CDA6611FDC08D6197388C64EC911E05D,SHA256=8E74D1573A3478EE33D389AF56396DC6BFCDEE7C4CE013B27A0E8596A5BC3F69,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033262Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:26.447{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51641-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000079379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:30.710{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64F23F93C273AA03CD335BF0EE15C491,SHA256=74C272087A892A0A7EC52ED225D1C9D91652E87C5FF6EF38BC26BEFEC89CA5FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033265Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:30.535{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8D1A2E6B9D23A3C9AA072A54EBA0F1A,SHA256=30F04F54D68EFC05D61E4E8E70631F68AD0CA92793D297FC8B0D07E869932F50,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:29.333{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63461-false10.0.1.12-8000- 23542300x800000000000000079380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:31.725{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C972C5EC5CB276C450BD1789D714219C,SHA256=F8FC465673C03BEAC858CC950D01DA7A52B6CCD7038784742DB74BFB53BB4799,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033266Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:31.769{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3611F3EFD21D02B02FFB6EC4F9B138F7,SHA256=5C4FF3EAB52C593661FD3EE68622F6A08F469368C19790657010487C2E56879B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033267Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:32.801{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3B3EB38CB53410E52592ABDE382F863,SHA256=19972A74D89507E432AF4FE71EEA1013005CB47D1C6700BB4B5E2C0DBF53AFF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:32.743{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96FE468F23BBABF7C8EECE0D3C035F0E,SHA256=1FB0F00A45BB2F3E9FBF26AE400AA6C21C2DA089C86BA24B185287038775A3D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033268Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:33.818{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89CD38A39FC43F51841C6E77E8B004FD,SHA256=7DB15320121E69497E5D39DAB783F87DA43023943D3A9D1361995E5BB0EE9D76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:33.746{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0EE789EE0B6785E01AC73BFEE233614,SHA256=D30CEC51428A018946F4E464C18CA29D43D7F00FAE4A874ECBD2AE245F1954EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033269Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:34.865{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63DBFDB0935A119CE3F821E410E2C043,SHA256=7C0217E14813E7F3B67952BAEEE4E6BDF64EA9F3742B0CFAE016F8C75606EAE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:34.762{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=666949969705D49A4157C72340AAE6A5,SHA256=690B25ADB0723329B971D4A662AEFA44B3965308FE03943EACD303B8D00AB1B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:35.792{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44D73B76F6639B8146DCD6027A87E517,SHA256=1D3BF1F55EE129CFE7727554D72365BACE4AB3F80AB82C356BFFBF6DB6729E1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033271Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:35.896{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC1AAA099BC4B7E193D81DC6DB12ADAC,SHA256=94CE358AB3AB9782AFB97C0FC69BFDEEB0DACB255FAF0588A98D96A452309E4E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033270Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:32.462{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51642-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000079384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:34.362{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63462-false10.0.1.12-8000- 23542300x800000000000000079386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:36.806{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1EDA0E5A8A37AD5C5AAD69EA76AF459,SHA256=1568F15380B0765506FE09E2F2B8E6C6717D7496C38AE07B38D8E3437D10E72A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033272Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:36.896{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01D94D378233F88D6CAC6369FF639579,SHA256=011E4B78C78DF3F5BDA1E7DEC516188C5FA3B99EF9809FD3F7D6B0802AB3F79E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033273Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:37.911{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D3DDED289A3A6BB8B482F87988E472A,SHA256=65DB6DA044E1E50394FF608E605AEC54A096C076659B2213DEC1F0F4C18E5A90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:37.821{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61C8D30F8496A7D4E3ED7398A2C47565,SHA256=8E9E9D8791B62BFCE79BD894315EB759E39CF7C3B8B18A8410D415CAE0D025FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033274Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:38.927{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A58FD08CB34E1DE5718AEC92DDC5A44,SHA256=843C5E5960DE0FD8A0B333EBC9FCE0765A6454175F9BBD240B3F350F30F8FAF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:38.838{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA39BE2AE4DE5348C0AEA0CD1C4B5C29,SHA256=E070907DE19C0378B0E7895A7D01AC018C38883BF8FED876F606A780F2D81F34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033275Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:39.974{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FC334A295AC47E206B7EC8423159B62,SHA256=334B3E808BE0436236FF6D1197E3AA69FCD23ECF9134A7424205C458F5746A57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:39.857{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD1D70575624ED8AD15279C41DA40EDE,SHA256=76EE4DFA602252D3C1CDBE3D3684529DD14253C12258F01CF78706BD3C2A1A30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:40.871{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9745E060A2D56116964566BEF75551F,SHA256=F27ABC3A79EB6D43DE1D145AA9CB0E9046E0C0AB9BE2DFC9F8C19EF5F6F81A59,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033276Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:37.510{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51643-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000079392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:41.901{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF6FA2456D0DA074B3392AF11D944540,SHA256=D40BCA80F50204578C26EDA636188A1373DCD3558D14AB5CE6D781437E18E17A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:40.276{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63463-false10.0.1.12-8000- 23542300x800000000000000033277Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:41.021{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A86AFBD9D97A2C929DCB74B2C1B8496F,SHA256=3248074420BAD6EB657A5BB7BA1ABF965B125CF6CE1ABB32CC9897F6F6C96935,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:42.916{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54F63ECC3C6AEE08353505328DAC441D,SHA256=BC377C4F410EAE1E2367D8997FE2E7E20B38CC661E31A587E1088D6F0E18364A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033278Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:42.036{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E9C0C67E87F8BDFA92B192F65290E02,SHA256=FC7212C1F57CF364F7D85452D84DAD37BA2099DBB4436D3D553F8A1C6DF8E2CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:43.916{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5F02C6DFBECF0F3AC8D8A7C8780C1E9,SHA256=4DF7BA1B6B47869344BD4EAF1CE7F58351365D89F423B58DC6B91ED80673D625,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033279Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:43.036{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BAA24162BC4C8970883FE632A4AF810,SHA256=4543990E61FCD418D62B82D1DF3EE30704165AD9F68684DEE4D6B9E16CEC1EAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:44.934{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80FD950B2169C8B2C3C832BBB44B7730,SHA256=67A7FB8FD290B7F2D88B3D8262081F368C62567545A4706437313C513293EFD9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033281Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:42.588{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51644-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033280Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:44.052{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC217542712A3A9226E1BF47317DF807,SHA256=C5515F9506B48A62B484398BD01830E8AA4C6F5B6D9E4F4DFB39ED37CA90A489,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079448Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.983{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079447Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.983{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079446Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.983{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079445Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.983{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079444Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.983{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079443Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.983{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000079442Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.983{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079441Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.983{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079440Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.969{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000079439Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.969{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000079438Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.969{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079437Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.969{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079436Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.969{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079435Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079434Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079433Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000079432Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000079431Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000079430Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079429Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000079428Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079427Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079426Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079425Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079424Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079423Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079422Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079421Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079420Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079419Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000079418Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000079417Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000079416Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079415Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000079414Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000079413Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000079412Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000079411Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079410Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079409Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000079408Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079407Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079406Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079405Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079404Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000079403Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079402Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079401Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079400Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079399Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079398Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079397Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.953{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000079396Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.952{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1BD56CF596D52D9E4371DE9CAEE95E5,SHA256=DE16BBEE07D97EEC6DCEA3AAD2323521FF6C7A5345784EA1E017F0A41A2E5F78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033282Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:45.068{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C5E60BFE99EC8F3272B71D1A7BBA12F,SHA256=A5E891B0F25F26D44030980B2A749A5116D995D2213B4BA930FA4E781F0157B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079506Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.998{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50A4BA612FF922A845F09CF48DEA93F4,SHA256=C2FDDE82A4015E0CC677E45F8FFE453AFAA4FD5F7C46535F7F4D25589FD57211,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079505Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.995{8057F119-310A-60EC-400A-00000000DB01}60045796C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079504Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.994{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079503Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.993{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000079502Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.977{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2320468C76B4025A991E4F5DEC260C22,SHA256=D4D4F92E99CB79059CA8315FF8832A74523AD232E17EB86C289599AB6E7AC3E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079501Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.973{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1B81E547B8E8F555847BF0BFE661B484,SHA256=B5EDE167DFBE9CE5F1B86ABEAF65BF1DE7FCDE28EAFBBDC70EEE8F312EF03E73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033283Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:46.083{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7E7C96E18DF02FCDB0D3EB5F5E9CAAD,SHA256=1891B35CC682890E926B609664E5ACEAB5645185646ACD206301D8450D57BE35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079500Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.839{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FAD05C1F1BA5BA66F2421C621F096C6,SHA256=AC53934AB8E4C0D326550923C64708CDF61C44B33EE1E2AA995AC341ADDFCA1A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079499Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.670{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079498Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.670{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079497Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.670{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079496Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.670{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079495Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.670{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079494Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.670{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000079493Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.670{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079492Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.670{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079491Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.670{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000079490Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.654{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000079489Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.654{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000079488Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.654{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000079487Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.654{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000079486Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.654{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000079485Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.654{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079484Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.654{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079483Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.654{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079482Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.654{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079481Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000079480Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079479Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079478Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000079477Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079476Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000079475Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079474Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079473Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079472Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079471Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079470Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079469Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079468Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079467Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079466Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079465Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079464Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000079463Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079462Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079461Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079460Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000079459Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079458Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079457Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000079456Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079455Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079454Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079453Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.638{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079452Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.639{8057F119-310A-60EC-400A-00000000DB01}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000079451Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.304{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000079450Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.302{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079449Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:46.302{8057F119-3109-60EC-3F0A-00000000DB01}9988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000033284Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:47.083{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13B1B4993EA9EC52FB40EC18F9E5B28F,SHA256=8D9A6329A7F511C45E3776A87F6314BEA0AED3DB173839BB3E438037E74DF383,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079558Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:45.353{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63464-false10.0.1.12-8000- 734700x800000000000000079557Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.443{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000079556Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.443{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079555Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.443{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000079554Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.274{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079553Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.274{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079552Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.274{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079551Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.274{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079550Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.274{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079549Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.258{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000079548Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.258{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079547Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.258{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079546Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.258{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000079545Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.258{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079544Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.258{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079543Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.258{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079542Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.258{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079541Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079540Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079539Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000079538Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079537Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000079536Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000079535Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000079534Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079533Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000079532Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079531Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079530Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000079529Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079528Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079527Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079526Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079525Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079524Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079523Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079522Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079521Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000079520Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000079519Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000079518Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079517Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079516Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079515Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079514Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000079513Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079512Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079511Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079510Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079509Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079508Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.243{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079507Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:47.244{8057F119-310B-60EC-410A-00000000DB01}6344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033285Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:48.099{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04F00CA9992A5566F61C226D0EC83BFD,SHA256=8AC9D3BD2CC81DEE718BD4159C0D768E531F3EF7C4B54293D0B06DE255307407,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079560Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:48.259{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2320468C76B4025A991E4F5DEC260C22,SHA256=D4D4F92E99CB79059CA8315FF8832A74523AD232E17EB86C289599AB6E7AC3E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079559Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:48.090{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACF068A5DB5317724257557B71B2E5D0,SHA256=C7D5D17D54FB9B989466EF91A34F123514F25C3930CEECD26089B7D08109E91B,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079613Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.590{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000079612Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.590{8057F119-310D-60EC-420A-00000000DB01}88689448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079611Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.590{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079610Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.590{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000079609Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.527{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\aborted-session-pingMD5=8414CF64D55E9A458D1034134308DC1A,SHA256=5F624DEF266CD1A733FF90AA1F32027B4808E6122378B4727D5FBD6A6C74BEE7,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079608Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.390{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079607Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.390{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079606Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.390{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079605Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.390{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079604Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.390{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079603Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.390{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000079602Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.390{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079601Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.390{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079600Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000079599Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079598Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079597Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079596Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079595Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079594Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000079593Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079592Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079591Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000079590Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000079589Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079588Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000079587Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000079586Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079585Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000079584Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079583Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079582Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079581Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079580Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079579Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079578Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079577Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079576Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000079575Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079574Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000079573Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079572Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079571Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079570Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079569Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000079568Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079567Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079566Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079565Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079564Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079563Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.375{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079562Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.376{8057F119-310D-60EC-420A-00000000DB01}8868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000079561Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.105{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DA952A75D2CCC8456C54C57BBF4BE3B,SHA256=073A150BE1460A8BF183F97EF1AE09219BE02C302C582288111266D1AEB9F58E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033286Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:49.115{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C8843D84DAA01496FB279ABE53C49CB,SHA256=9AEAD33E95E549B59DC07B705ACBE52ADB9082C063D7E34D5F1CA29C0FE776F9,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079719Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.744{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000079718Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.744{8057F119-310E-60EC-440A-00000000DB01}89969344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079717Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.744{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079716Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.744{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000079715Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.575{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079714Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.575{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079713Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.575{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079712Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.575{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079711Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.575{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079710Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.575{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000079709Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.575{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079708Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.575{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079707Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000079706Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079705Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079704Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079703Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079702Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079701Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000079700Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079699Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000079698Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079697Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079696Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000079695Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000079694Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000079693Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000079692Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079691Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079690Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079689Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079688Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079687Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079686Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079685Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079684Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079683Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000079682Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079681Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000079680Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079679Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079678Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079677Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079676Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000079675Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079674Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079673Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079672Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079671Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079670Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079669Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.562{8057F119-310E-60EC-440A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000079668Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.559{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0FBE581DF8376F93B8FC2034FBC9180,SHA256=95FEB2E10C036E7A0D4A6BF1B941F99B6409028642CD4BC4D2638DD35228EFC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079667Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.525{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F7E9FFDD1304DA0B6E0772FCED2957A,SHA256=023ED04AA72E8A651DB2206B55CDD055490C9D97396CC886CA493D84AC946CF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079666Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.523{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F0958466FB9DA837812914B02E93390C,SHA256=1F339423DF207C56488BA4467702D9D5EF58551B7B2B4206DEA61C0BE9D45295,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079665Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.258{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000079664Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.258{8057F119-310E-60EC-430A-00000000DB01}86969644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079663Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.258{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079662Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.258{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000033287Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:50.130{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8471A848559BE9620C8A50989B5229FE,SHA256=A918D6629803D9AD33B0B515A5A1485660B440F0F3324AB59657BA26BE6E6795,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079661Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.058{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079660Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.058{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079659Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.058{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079658Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.058{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079657Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.058{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079656Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.058{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000079655Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.058{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079654Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.058{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079653Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000079652Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079651Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079650Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079649Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079648Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000079647Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079646Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079645Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000079644Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079643Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079642Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000079641Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000079640Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000079639Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000079638Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079637Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079636Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079635Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079634Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079633Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079632Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079631Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079630Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079629Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079628Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000079627Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000079626Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000079625Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079624Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079623Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079622Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000079621Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079620Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000079619Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079618Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079617Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079616Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079615Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.043{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079614Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:50.044{8057F119-310E-60EC-430A-00000000DB01}8696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000079727Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.912{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63465-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000079726Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:49.912{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63465-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 23542300x800000000000000079725Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:51.674{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57BD596265B9A7AB7A2653003C2D1B2A,SHA256=D87701C2532E3E45AC848DDD77C497FCA7DBF222EC2A4FE3AC9ACBF180199CD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079724Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:51.674{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=652B154704AA21881F052DB945E4145E,SHA256=33837B762E05D4A49FD2C99963C096F13ADA1296F34F5F30087829AAF68BCC32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033289Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:51.130{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA82E70B459232BCBD60236B2CB6E8ED,SHA256=4BA575C22FA5083F5DA70DB00F561B4D646B4CD6834224370B81E1A3CB3CC58B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000079723Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:51.223{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\AlternateServices.txt2021-07-12 11:09:51.159 23542300x800000000000000079722Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:51.222{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\AlternateServices.txtMD5=C4FAEF4A7DB85947996B25C8F6F89A6E,SHA256=1782580180E38F82D0EFDDDA9B18AF72CE4D8BF5015C929E9F27C3BFEFA9BE42,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000079721Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:51.159{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\SiteSecurityServiceState.txt2021-07-12 11:09:51.081 23542300x800000000000000079720Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:51.159{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\SiteSecurityServiceState.txtMD5=ED8AFD9885FB9B8FF1BFA40AA4BAA512,SHA256=E2EE664563F994719D02E8F6307B10F284F26114CB3D7608FEB8A8A492D8ADBC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033288Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:48.526{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51645-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000079729Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:51.312{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63466-false10.0.1.12-8000- 23542300x800000000000000079728Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:52.688{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D58282EB11BF9E02185A46A37402C71,SHA256=CBC18FA0529B2EACB17204CB46A68D99D75FECAE64ADF9818CB910762291C522,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033290Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:52.146{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2351D2ED033A9E70FA25E54208615993,SHA256=54A8F4E70103A5CC98DE39A24B687DAF67BCF0F377EF536D92C9A616388443BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079781Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.941{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D48996A8EF11C198B45E4050F3FF13D,SHA256=2580FBF934060E21ADDE2155F408056C1FBB2620664922DA7849E72BFAACA45E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033291Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:53.161{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4FBF28BDE7E4D46ADA0551807C8C993,SHA256=6BD446E25641A5A9D5E17225C5438DBE79A59868B39B598C8A36B7C48D876884,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079780Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.388{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000079779Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.388{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079778Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.388{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000079777Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.204{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079776Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.204{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079775Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.204{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079774Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.204{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079773Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.204{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000079772Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.204{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079771Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.204{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079770Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000079769Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000079768Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000079767Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079766Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079765Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079764Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000079763Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000079762Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000079761Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079760Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079759Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079758Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079757Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079756Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079755Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079754Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079753Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000079752Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079751Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079750Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000079749Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079748Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079747Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079746Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000079745Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079744Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079743Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079742Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000079741Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079740Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079739Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079738Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079737Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000079736Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079735Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079734Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079733Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079732Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079731Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.188{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079730Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:53.189{8057F119-3111-60EC-450A-00000000DB01}9504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000079783Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:54.972{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=148F998C22E54E2178D4DF5142B45A47,SHA256=18927ECEBA8C0EAA0569F94FB69B72CDE70D3938F34D3C015A1F3148C6FC5C24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033292Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:54.162{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BE0DAE390FF7510E79FAA9E5C423124,SHA256=214D40B0C52FF561B60A76FF9DDA22F7BB57043CE259034EF6E920DE97C7349C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079782Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:54.203{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4257AB3D5CED5727805E66C06FED5A0C,SHA256=08B5A800E53E5778901C970D02CB4AB81806BF3F5007A6303A462C31D8C9EDD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079784Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:55.972{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0380DA2760B475DDED4AEC2A49E0A05B,SHA256=50419FF099F22F0A9B75546201AFC2ED7C60956A9B64E1F7DCB076E1D64B8091,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033293Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:55.178{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C03997636F8F64FB336DFACFA49B9B23,SHA256=873B198C7C010A1EA7211F6B9B7EB54F635D22ED0EF56BCE2724CB13C00D449E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079785Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:56.975{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A4995F7F7707E3C52EF18415397DB69,SHA256=944BF0A9AC6A3ADE7D76EC51860D49984F526419DE489A506D81C4FFF65C29AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033294Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:56.178{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E4C0C2D67CFFEC85BDD468878550EA9,SHA256=32B3623363068522D03A23A5C4322848D82B0709476642F405C01EB25AE562C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079786Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:57.989{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0CF1ED077168B8D4405DFB36A7FDCD1,SHA256=734C65DEA5EB7A75AA1AEC071D3BC64255E6928C71F595E39F4200F1491D07C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033296Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:57.193{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E82FCB0923B92E74D7CBF81120882DF5,SHA256=87FE0DADCB7221AC3D73C1DA7A2B6B461E3F8260A7CAE363016E66FB9E8EC018,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033295Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:54.386{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51646-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033297Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:58.209{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E74C544CFDBF54D0635730E57BA46C4,SHA256=B10EFBD029B36C0BBAA6680730F92B37E0B40E18015E7E6A4B0B9C9995C60923,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079787Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:57.281{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63467-false10.0.1.12-8000- 23542300x800000000000000033298Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:59.225{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D640777660890EC683A072989E5B1E73,SHA256=B0557D85B4871FF95BBAED314FB92A221403D9C6A052226E16343F1C2E60104B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079788Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:09:59.004{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C751068B5A3534EA167E0B756010F1E2,SHA256=74B7736760DABEA3A6A92E025400AA90407A641A8948BE85C93EF098706B9476,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033299Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:00.459{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2D8F6FC1583EB45F7E202E347B5F0C7,SHA256=7871A50FCA955794736BE174CA718E2ADDC6EAD015C016833510BA1B73AA8C2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079789Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:00.005{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8A26B3F827BA1BB9F6CFB24DF9FA5DD,SHA256=3770BF03718F9C258C4C6E7BD009CA49C2F38E139B7CDA99F75B2C3D7008C8E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033300Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:01.678{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DBEA56487CF0C3932ED4826F6245411,SHA256=9B60A63C4025FC1A9DAA2E737FC9617418C4603E91528F73C4D2A1007324E86F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079790Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:01.023{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9821BD427A9CA44AB83F58D01514B08C,SHA256=1A836372D9A06ACC8AE67FBCDC667015653DEF8E34AB6D7316B4C8575F4CB92C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033302Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:02.693{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB8E1AA544B449AEF28D29F032ACA6B6,SHA256=5CD439877985294FDF54BAEF1B8C12FCC3A78950587CF53457794CA1D76C3D42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079791Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:02.056{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEA60C928F93964A80FEA2150A0A603B,SHA256=F3EF319C1543DA573CC2C8020DBDEAA2FB45E37A35113BA26342CA9B1988A8CB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033301Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:09:59.386{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51647-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033304Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:03.912{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20566ED001C0C28B5F7A822E545EF557,SHA256=108D056669510A288C02EA855480C5866F2B0E7051BD31775D4F5BF532FECEA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079793Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:03.788{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=6E9DCA762B6159EC00774E81951AEDDA,SHA256=13B1FF596A61BF96658201E1073296BDCBAF06972ACA1CEFCDFFE997973F04D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079792Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:03.057{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13B968EA30FA9925FD127F94F6669B86,SHA256=6C69209F1B26062A1F55B7B93830488F5C4C55E5838E03BA7C3A9A82C336474C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033303Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:03.209{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079794Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:04.088{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFC779780928DF467A84F81720242E69,SHA256=93115A7B950B0ED11D8973122436DB1B3BA857E8A717222736C758044A67F811,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033306Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:02.542{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51648-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000033305Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:05.146{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE61A7DC90F4E6DC85E20EF2349B54B4,SHA256=759003438D19453F8CAE2453930F89FF3675030D7B5025E38FA1D52827325DD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079796Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:05.121{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5765B6B62CD0347BCB2DF4F0A254BFF5,SHA256=6F0E2E28893765B7FAE10E2D8E59FBF1A2FA5B2C86B2B5CDBF52FE8E901DA84A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079795Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:03.211{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63468-false10.0.1.12-8000- 23542300x800000000000000033307Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:06.303{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33D67F98A3503A015FC41240FBBF9B30,SHA256=BC2E35214C3341C84213C426CA3820528BA859510C04AB9602C390B88AA49FCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079798Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:06.155{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87E77A8732256A76CFFA4808943A78A2,SHA256=4232C79354994A541E7875017BBE60A70302950360ECCE3A639E9664B4E2D800,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079797Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:06.155{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000033309Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:07.318{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=023008BA586562269613C08CC8287BE9,SHA256=F916A3F1698A723B16C88A9BA7D25FAE1B643680DEF3EA314F84E76B96584BCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079800Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:07.156{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AA01B73A740D827AA871C57C32214E6,SHA256=F1FC652B98BA14F058F928FB6ED2E55AA1BA8A58FCEF38BF5F3DD1808C99771A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033308Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:05.417{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51649-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000079799Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:05.258{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local61989- 23542300x800000000000000033310Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:08.320{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A9F7E3EEDF01BF01664905E2369A350,SHA256=6A26855B78413DAEF39C9F35A5FA0D0EF902A686118458ACD24BF2E468A3D801,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079801Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:08.171{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C22B5F5C94C9DD46BB0A74D0C813B3B,SHA256=637BDBC9EE3A954B1706A93E173B4A4CC96C6A83FA7E7F4B657261CA3609A69B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033311Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:09.332{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=688ED9C85AA1979988F00AB614B7E0DC,SHA256=767D8BB85721DD5CCA94165264143E28733C4C39C22BD1F2A8FEBAC1FAEEC51E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079803Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:08.309{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63469-false10.0.1.12-8000- 23542300x800000000000000079802Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:09.186{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=882CD70377651EA3C5DF6B642DC7F651,SHA256=F2CAA8F5A73A0AB591949D46EDFEAC6B0532462729A360A9DBE425637EC00063,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033312Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:10.335{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8085EAB6BFFB57BFADF56706DD1D389F,SHA256=080F340B4C0AF6BF070425D3073CDF90F2C27BB162A1055A98065AA485A42705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079804Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:10.186{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6758735CFBAA178FFDC013839B067E09,SHA256=D062B03BF3BACAB60EB5D83FE9E405ADDE6C9C88774F87A8855DFFB1FCBA5BB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033313Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:11.350{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D457373E81291EF7712A946BDFBB76F4,SHA256=21CBE213C236A361CFB5C6EE27A4E57D595AC7ADE8CA9DFE5FE118FCB1E5798B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079805Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:11.200{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11B82B8CECA46A78976148AD5BF6BF02,SHA256=DFBDAD0183FAD277BCA866906D4B0C1B966C55A4F1D9F6BCA8818482883A910F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033314Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:12.585{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A90FB6668434C0C11C528ABCFFB6F842,SHA256=FA90D6AE0C55C21F61E4098E1645C97F95647E5A44B55829ABF4E6E9A9052B01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079806Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:12.219{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A44C670B683F9D71B1B4CDCFB874E4AC,SHA256=6D065B7BBCC1176681854D4C9B100A91C58651133CA3B818EF7D0962632FD402,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033316Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:13.600{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=351BCE467C300BD1B4E3D87B8301FEBD,SHA256=721DC7FFCE53D4B71110C1F1FE353E14D9F23534A5427D86061F238C553DCD5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079807Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:13.254{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38EFF63E7E61F77E62D2931FDCECBA1E,SHA256=F8B5AFB4879222D16248FA52C6A76F6BA66EDB1C6389C11BA11EE7026322E9B5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033315Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:10.590{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51650-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033317Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:14.681{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E593A6062CFF73D3C1E5A2E9F9F0C0E,SHA256=B38418618B568FC8EDFCEB03CE5B592901522D05F426774F5E32C0FF05AB2561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079808Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:14.258{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEEC45BE5F1FC9FEF438EC508365F1F2,SHA256=6CA755F867F0F80C77B7454154CECCCA49B3E9A423AE6A67EA70417699D5C628,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033318Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:15.916{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBC81BFF7CEC483BD7DD0897604F5323,SHA256=D1958EDF8A7C7A4945B759EF49902E461DE9E1383C490E3D5EEF87A0E908684A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079809Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:15.273{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76936F39BA8BC0716AE4B8C57760069D,SHA256=F46EC17A6F20ABBE2A4812F0E41383208603EDA6B05FE6A26E2B6DF9DC384E65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079811Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:16.274{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=125CD8DACFC9645C4E81750AB1B5C7CB,SHA256=1D8B2C242DB25CB18AE9C8224256D0E4C3D7F2AD363349F076F3AABFAAA1572F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079810Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:14.359{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63470-false10.0.1.12-8000- 23542300x800000000000000033319Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:17.150{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F238BED5FEABD6404C6FB6A687025F42,SHA256=FECFE7EC292BDFD8A4C5D66E6401552803F0178DA4C6FD632F552C48E2093667,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079812Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:17.290{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3471FD07D6351A16AEDFC27B09500657,SHA256=AEEA4D1ED1C41B848DED2D859C92897C974738A24E81A90653B2FAD7388BDA88,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033321Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:16.358{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51651-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033320Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:18.385{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C071A383ACA77164CF4B9149B58AE2E,SHA256=89A68DE3991FC1F39E029CF1A6D193D3A5B51E2D93B87E2407428F8F5CFCAE2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:18.306{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E3993454F1A80391FB9D6AF890784B2,SHA256=3850182897734B9B234BD9A9071A07A5027FEACA946FB51FED5D3A88A2696A3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033322Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:19.447{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D27392A52ABD41F7A364F9A08458A4A6,SHA256=E7E05412172B970B2F206118612E5A46FEAD54C4B90B94BA8E51527CFDC663B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:19.323{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E123F769244CDA31A74BFFF734AC2760,SHA256=A688B302C5306C7403EBC04ABF3B8B221A487265961F8931CAC08B22B68D5639,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033323Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:20.681{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F91E866371F1F60CAC0E81120A37167A,SHA256=4D4CBAEB412B6F4F1E1A74487D39E46F918AE9DAE85CEBCEB152D4E7867695C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:20.343{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75E2A37B589D605D28FF32E23F80ECF6,SHA256=055C50791D544F91AB28BEC6A4EDD389AE982C8F02134E0F0F2677653261109F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033324Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:21.713{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=108039D12523EDC29E04A95D8C1CAA96,SHA256=D86120C959D7BA29A23B17D95AC92BD692B786FC7117414EAE45A0F79222F0F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:21.345{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2260596377977AFE1E9D14824638F357,SHA256=8AA32F481616FC780F2F57B4A4A7CB4A06FC39EB045E725D6C6C1F193A63474F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:19.363{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63471-false10.0.1.12-8000- 23542300x800000000000000033325Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:22.775{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D05C3CBF6042F6B09A595F76AB88E02,SHA256=38C57917330C390A52942D1529E5C00F132584DEA72BB3CC2A4D189ED8A7F23C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:22.360{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0B40A49C2B4BECAEDADED1000838C74,SHA256=DD4902678145AE78AA48855A40C93F8D8FA7DE4AFCB86540BE853C0F4BD0FD38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:23.376{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56A5C4A62A06EDE2A0DA8B48C5F28EFC,SHA256=5F43B14EC386D538F818CCFB1FE25665BF4DD30A6C3D2C58C2E49DDD0E9B735A,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000033350Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:10:23.650{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000033349Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:10:23.650{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00972636) 13241300x800000000000000033348Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:10:23.650{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7770e-0x826b933a) 13241300x800000000000000033347Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:10:23.650{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d77716-0xe42ffb3a) 13241300x800000000000000033346Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:10:23.650{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7771f-0x45f4633a) 13241300x800000000000000033345Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:10:23.650{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000033344Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:10:23.650{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00972636) 13241300x800000000000000033343Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:10:23.650{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7770e-0x826b933a) 13241300x800000000000000033342Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:10:23.650{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d77716-0xe42ffb3a) 13241300x800000000000000033341Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:10:23.650{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7771f-0x45f4633a) 10341000x800000000000000033340Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.635{50946567-312F-60EC-5905-00000000DC01}39003936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033339Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-312F-60EC-5905-00000000DC01}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033338Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033337Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033336Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033335Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033334Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033333Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033332Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033331Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033330Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033329Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-312F-60EC-5905-00000000DC01}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033328Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-312F-60EC-5905-00000000DC01}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033327Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.463{50946567-312F-60EC-5905-00000000DC01}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033326Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:23.447{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=719898EA18253A463F4968FA81454A9A,SHA256=50D30771A36A6C1FFF8E2E9C0002747397D3AE66BE491A3DAA813C9E2E339F56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:23.045{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=F69A2EE121B75C68F0B23335E11B91D3,SHA256=0FB2F927D0D2A4670B33BBB43B308C8B456FED7E70F42B3098914D3C8FDA38CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:24.376{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4EB259172378013CD86C8EBC643EE30,SHA256=5B365AF5B8D22764E0A7330D4CE13724E73B8A014BBC41834B480467FD083F6E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033381Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.948{50946567-3130-60EC-5B05-00000000DC01}38921456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033380Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3130-60EC-5B05-00000000DC01}3892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033379Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033378Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033377Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033376Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033375Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033374Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033373Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033372Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033371Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033370Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-3130-60EC-5B05-00000000DC01}3892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033369Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3130-60EC-5B05-00000000DC01}3892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033368Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.808{50946567-3130-60EC-5B05-00000000DC01}3892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000033367Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:21.452{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51652-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033366Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.495{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2121382670240326D5C1F9836DC6E89D,SHA256=7F180E04FDBB106835061F1D4A4944ADF3434CD149F051EFD6E69D0815AA0036,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033365Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.495{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9582CB5BC0DAA2AADF85DD06551E599C,SHA256=251796FD3BFEA80DCCF8B44A37031543A34EAACD6F0C21610790E5FE41EBA78B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033364Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3130-60EC-5A05-00000000DC01}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033363Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033362Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033361Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033360Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033359Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033358Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033357Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033356Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033355Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033354Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-3130-60EC-5A05-00000000DC01}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033353Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3130-60EC-5A05-00000000DC01}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033352Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.135{50946567-3130-60EC-5A05-00000000DC01}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033351Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:24.025{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33AADE87478463070AF16B31AB7A1590,SHA256=B13CCA59BB4219674240C676877AF0E6870C34203B07EE64BE6AC151EC6CADD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:25.406{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=215654C847CC9A6B98792FD27887970E,SHA256=EE5F6FF6E2ECA8A86868D949B06F7F214BAA40817F3BF7668112AEC7C90EC2A7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033395Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3131-60EC-5C05-00000000DC01}3872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033394Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033393Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033392Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033391Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033390Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033389Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033388Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033387Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033386Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033385Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-3131-60EC-5C05-00000000DC01}3872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033384Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3131-60EC-5C05-00000000DC01}3872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033383Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.480{50946567-3131-60EC-5C05-00000000DC01}3872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033382Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:25.136{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BBEA0102D4772000C221C5F0E4E6AF4,SHA256=2ABEFD7F5FC1FC39ECC8586AB837B08E4EB96ED8045179E07E87C835EA2D6BB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:25.191{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:26.406{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B26A8449053BC2017D44EB10DC60855,SHA256=9F4D7870DF451FD21F45DB3E9932D9911B92DA35FB53B77D0BD5151212DFA7EC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033411Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.323{50946567-3132-60EC-5D05-00000000DC01}988516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000033410Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.277{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=662EE9BA84BF1B8F520D35B52796A52A,SHA256=98BF0FE86A89EA45DDA576C8227C00F667D7FB17CEBFBC5BC170633C7878C9B6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033409Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.151{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3132-60EC-5D05-00000000DC01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033408Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.151{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033407Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.151{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033406Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.151{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033405Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.151{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033404Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.151{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033403Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.151{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033402Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.151{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033401Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.151{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033400Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.151{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033399Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.151{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-3132-60EC-5D05-00000000DC01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033398Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.151{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3132-60EC-5D05-00000000DC01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033397Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.152{50946567-3132-60EC-5D05-00000000DC01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033396Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.042{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2121382670240326D5C1F9836DC6E89D,SHA256=7F180E04FDBB106835061F1D4A4944ADF3434CD149F051EFD6E69D0815AA0036,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:27.424{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56D9795DC6920B7088330656134B65C7,SHA256=CDED229E6B2E23A101F51CB4F80540D4071627BE1E4923C8F229F8E16446DD94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033413Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:27.292{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFE264CEC3E1653EED65BA9CB0159839,SHA256=806C77F72CF9174A0CE9B5880CA6BC31442BF6266A8476EEE1898382E3635354,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:25.360{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63473-false10.0.1.12-8000- 354300x800000000000000079825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:25.313{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63472-false10.0.1.12-8089- 23542300x800000000000000033412Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:27.167{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6EAED534E09BFCC8185C8AF23A56FF16,SHA256=3B9CA0A50EBFCE4E58C00219ACC036A3282911F899785C9EDD51B9002B54F90A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:28.442{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C164F64A59274FB06CF8794ECD164E7,SHA256=326266FF0D155A1A6AAA951A1A1AFD7C736AC5EDD406DFEF8D24EAAD87896793,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033442Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.917{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3134-60EC-5F05-00000000DC01}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033441Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.917{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033440Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.917{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033439Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.917{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033438Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.917{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033437Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.917{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033436Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.917{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033435Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.917{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033434Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.917{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033433Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.917{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-3134-60EC-5F05-00000000DC01}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033432Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.917{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033431Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.917{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3134-60EC-5F05-00000000DC01}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033430Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.918{50946567-3134-60EC-5F05-00000000DC01}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000033429Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:26.500{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51653-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000033428Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.417{50946567-3134-60EC-5E05-00000000DC01}35203788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000033427Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.401{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AFD8EB989A7B221656AC1080BD6E2D2,SHA256=0F193761AD42F102715B9C83A045DA9A7075BC8A68A4BD4D62F8F0A6C8EF8BB6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033426Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.245{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3134-60EC-5E05-00000000DC01}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033425Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.245{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033424Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.245{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033423Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.245{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033422Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.245{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033421Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.245{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033420Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.245{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033419Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.245{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033418Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.245{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033417Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.245{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033416Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.245{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-3134-60EC-5E05-00000000DC01}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033415Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.245{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3134-60EC-5E05-00000000DC01}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033414Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:28.246{50946567-3134-60EC-5E05-00000000DC01}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033444Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:29.417{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91A92F3990FADA5E21FA43763E265251,SHA256=4B91D08D17384C8EFC8665C0EEE43C791CA9DED041CAE61563BEA4584BE95FCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:29.443{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F190097292EC6CBDAF937FD8E5FE79D0,SHA256=15F53D56CDF89CC2572167CF6B66C5B14676F5D319687D30A94E667B71534D9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033443Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:29.292{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E41D4A5F01DE98382ABF5BD492B66584,SHA256=05FEC4B69D9ACAF37863A98AB52F2EC613FBEE5D4E8CC77EE77DB11E14D452BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033445Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:30.433{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCE5A14CA616FCB7826FDA50B420C940,SHA256=4DE6D84F30105F6603EE9B391098DB9D8E7F17A8BBD78DC3093364641C069510,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:30.473{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A950E610BB376EEFDD55B06D7310D4F,SHA256=649C789B2A95C0EFC5C7D896EDC8CA2DAC30B3E5F5E27BE61511EF5EF206412B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:31.504{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B5117D9B1F0DFE6B65D3876D139F120,SHA256=532A79BD0CA8FC2764A7B423EADEE9155F4CAB4DAF24B965C02C1955099719D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033446Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:31.464{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B92C2A617D36A0B86DCD62EC53F86366,SHA256=B40969EADB033E7813981794E0F8501736D3B4F10EFD37ECF53ADEADDA02FC7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:32.522{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F3637ECFFF6EAA213C0EDAE232B9D0C,SHA256=ADD8CE9B7B0E50B627E67306127B740A625E1DDC2FF67BC9D75303D797C986D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033447Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:32.480{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84B8A0077A0856734587ACBC93F0EC93,SHA256=CCB46D8AEA0283FDD4C352741AF5B31E2B22382425466619A7CC3FAE8C43DFDA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:31.280{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63474-false10.0.1.12-8000- 23542300x800000000000000079834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:33.524{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C43F39B4AC12D4293EE9E12DD2E27153,SHA256=235A3BEAF151A12CD8C3F45CA608ACE4C2BF9EB99E9F2BFCF660C9B6808C8744,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033448Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:33.605{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFC5B4209D9A8426738E2BEEBD245124,SHA256=9D7ECC69B509D934988501B98D7AFC76F9DA1630E3EDD81B8E527A42BCFAB60E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033449Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:34.619{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB3E9549A1520EE9B58340932BEBDBD6,SHA256=2685A226622DE1F7DE5ED4CAC7B561AEEF48287228EA20A50CDBD9EE0C8B24E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:34.527{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E18ED0A60F0ADAEA6D92C0AE34E4FF9,SHA256=6B62064086523CEC0844887B6090C5579A0BDDB7063158AB8235F185269575EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033451Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:35.634{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B54BB2CC3EB17BAAA492D4E56A25987,SHA256=01F9B7590B7F4190D96D23B8FE0B19EF3F7BEC3C0C85AC9F4C9703B78EC17723,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:35.549{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20590615C0DFAD3D7497D8A6F973E584,SHA256=E0A4D9D7B3AFF1A4EC25991AFC81B75E40380FB295A220A007FDAA106D8FAB25,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033450Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:32.423{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51654-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000079837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:36.564{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CCCE393CDD1B26A5198554CF5983729,SHA256=0CA27F489BFDF7D14D77064EC4D21C3C78757A22447BC641A782B89EFFBEA3EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033452Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:36.650{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E380C30F439D214787994895A6620E4E,SHA256=CFD9AAA5661D1D67523C16EBEB0D81F63140C6E8478CFC22B76EB1DC54040D7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:37.579{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=256A807FB959A7C8CD1076916164E11C,SHA256=6DB8343EDC6A1F59E0B139937DF6A438DBA6213CD895CA349BAA88AA26AEC9A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033453Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:37.665{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE119DC0A52513E53C2622378F00F5D5,SHA256=381CDE07108C1E8CD4A3EC171059D39BFFFC896BE204B7E471545892C4904C97,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:36.318{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63475-false10.0.1.12-8000- 23542300x800000000000000033454Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:38.681{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=913E16705B64E379892C0B267130C18F,SHA256=EAD40B51657BA44A9115C0E1CCF585AA0ED71A8047AA6A6F31F8D9D7351AD7CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:38.579{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AAB32F278E2839B164C343F0844268C,SHA256=5FFC0012B14EF8283C3B7408E4C282BF773C9D9B85024611EA8C5803E75861DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033455Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:39.697{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54887912AD764817D124F53761B91012,SHA256=CCBB4B36BE9744DFCB68BAA29F375742B6F4FC4A1933E20B68C3333A400AB0DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:39.610{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CBD2165022BE0FCAF486FE3EED39EA6,SHA256=1CB2420C9507402860A7B2A2CED59141587BBE01AE49774CD67F375F2FA066B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033457Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:40.712{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB218C6FC126E057C7AD7D91DA5774A4,SHA256=35B54B684F6EA9DD0A32124260EB448A26CB7876A25D52588BA7F8C70A4D0DC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:40.611{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BDD7F39CFBB73C01B6C35E02049BCEA,SHA256=4704E6DB0953D956302D9531CD12EF4CA1F3EFDA499AB0B9E30C1DF76FD9F055,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033456Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:37.577{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51655-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000079842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:40.509{8057F119-21BD-60EC-4B07-00000000DB01}58802416C:\Windows\Explorer.EXE{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000033458Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:41.728{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66271CAD0B34361815CEED71A4E9A788,SHA256=7F5F7D2C3510C792B3DE97B4515827EDD427D21A435A4E44731D2DA8D742CA66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:41.612{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C66FD8B5BFA802A29A511352E647AFE9,SHA256=6637117835F266A6DAB7FB1960CBFFA89036787BB76F8CFFB04D0B99428172A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033459Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:42.743{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=089E6A1C57DC3C28A6DE6C944E7E8F2A,SHA256=697A4687052561455E14D9B3D6DDB813C1D073DA012A426C7640C9ED425FB509,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:42.629{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68A6D9481DBE5FC950B38D39BCCB0A1A,SHA256=17958B010EE024F7586C2CA16DD69245D3E2BB397FC9C2F505C47BBE857A816D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033460Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:43.744{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF604BD9CAC9AC38D74898BAB6F2532A,SHA256=4C03206991DD766BE5A9BAA78A941C826FC9EF7F616D2BC1DFF2060686F9F48B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:43.649{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D617990C7EFB22A9FEE8BA6E4418326,SHA256=29589127D9C61E3E06F7E0BC50E0F40B975D0991512C99EFD1360104842F3A17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033461Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:44.759{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6344E4386DAA58472BD6ABFE3028669,SHA256=D438840BAFECF9296C4AAC90A21EFBBC3301D3A4F4C908C9D6AFC2FC9335179F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:42.319{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63476-false10.0.1.12-8000- 13241300x800000000000000079913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:10:44.431{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\ConfigHashSHA256=92CA74F62972E58B28C7328C3283263187A82886FF2EF84352B304AD573CDA7C 13241300x800000000000000079912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:10:44.431{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\ConfigFileC:\Program Files\ansible\AttackRangeSysmon.xml 13241300x800000000000000079911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:10:44.429{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\RulesBinary Data 13241300x800000000000000079910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:10:44.428{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\DnsLookupBinary Data 13241300x800000000000000079909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:10:44.428{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\CheckRevocationBinary Data 16341600x800000000000000079908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local2021-07-12 12:10:44.431C:\Program Files\ansible\AttackRangeSysmon.xmlSHA256=92CA74F62972E58B28C7328C3283263187A82886FF2EF84352B304AD573CDA7C 13241300x800000000000000079907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:10:44.428{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\HashingAlgorithmDWORD (0x8000000e) 13241300x800000000000000079906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:10:44.428{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\OptionsDWORD (0x00000007) 12241200x800000000000000079905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-DeleteValue2021-07-12 12:10:44.428{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\Rules 12241200x800000000000000079904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-DeleteValue2021-07-12 12:10:44.413{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\DnsLookup 12241200x800000000000000079903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-DeleteValue2021-07-12 12:10:44.413{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\CheckRevocation 2553225500x800000000000000079902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local2021-07-12 12:10:44.428ConfigMonitorThreadFailed to send message to the driver to update configuration - Last error: The system cannot find the file specified. 12241200x800000000000000079901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-DeleteValue2021-07-12 12:10:44.413{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\HashingAlgorithm 12241200x800000000000000079900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-DeleteValue2021-07-12 12:10:44.413{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\Options 734700x800000000000000079899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.413{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x800000000000000079898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.380{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\msxml6.dll6.30.14393.4467MSXML 6.0Microsoft XML Core ServicesMicrosoft CorporationMSXML6.dllMD5=ECF3F9FC612FED875FC8A10052F82CE3,SHA256=9A06876BCFF61CFBE46F80EC76A61E66D80D734607D9503B4162840DE2039F16,IMPHASH=A74F148CA887740D0E045C70ACC762EBtrueMicrosoft WindowsValid 734700x800000000000000079897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.380{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000079896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.365{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000079895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.365{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000079894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.365{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.365{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000079892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.365{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000079891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000079890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000079889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000079888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000079887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000079886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000079885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.2457_none_a13eaee9d8fd5c07\comctl32.dll5.82 (rs1_release_inmarket.180822-1743)Common Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMCTL32.DLLMD5=C89866876D676708892DEEA04A886CDA,SHA256=6C498F9AFFC75DFAADDACB9D1D4248862622FB2B06F0A410BA303A26FEADFF2B,IMPHASH=49FE37530A5C395ADDDAFC2730B16DDDtrueMicrosoft WindowsValid 734700x800000000000000079884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 734700x800000000000000079883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000079882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000079881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\comdlg32.dll10.0.14393.4283 (rs1_release.210303-1802)Common Dialogs DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcomdlg32.dllMD5=0DB1A588A248E852AD781AE14333A5C6,SHA256=6F9C36C2663B90439A1AEE74855C521FCBBDB8C7B88382C9464906F1691F65F6,IMPHASH=06716A63D3E6F97CB489B0D6810B3519trueMicrosoft WindowsValid 734700x800000000000000079880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000079878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\mintdh.dll10.0.14393.0 (rs1_release.160715-1616)Event Trace Helper LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmintdh.dllMD5=32254E75260F1CAE3AB9EAC044B344B7,SHA256=B714E3CDEB23E63894D62E9335F51E301A9093F263623CCEFA2F674AABE7D629,IMPHASH=92D4FBE8F70FD95D329EA4882A8C3278trueMicrosoft WindowsValid 734700x800000000000000079873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BAB,IMPHASH=AD7CEB919D43FA2BD394EC803EB6BCDAtrueMicrosoft WindowsValid 734700x800000000000000079872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\mpr.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Multiple Provider Router DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmpr.dllMD5=0E56DB60C434D51769F2DAC48B9AA686,SHA256=3F9AED98B1B7F6A59C219F622FD91C7FD20BFE280935F5334920A02ECCAE7ED6,IMPHASH=46ADE2B067E724C7163A0B1902FEF225trueMicrosoft WindowsValid 734700x800000000000000079870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000079868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000079862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x800000000000000079861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\tdh.dll10.0.14393.4283 (rs1_release.210303-1802)Event Trace Helper LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationtdh.dllMD5=18D509F5788831270FCDA4D11E023E37,SHA256=08965C78D75432D1E1199E8162B3FB3FE11D89945B69BA48DE6F595FB280E52F,IMPHASH=E0A9B1840595F8507313FB797C5187E6trueMicrosoft WindowsValid 734700x800000000000000079859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000079858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3058-60EC-200A-00000000DB01}70728392C:\Windows\system32\conhost.exe{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.349{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.333{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.333{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Program Files\ansible\sysmon\Sysmon64.exe13.01System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-MD5=8A914CFB7496B8461285C009DD8F5627,SHA256=422EC998FED690C2EC3239A4BB80075F098A9A95CBDFFBC873365B9F7136A02A,IMPHASH=DCF866F4139DD7FF6C0A5D4FA050CD7AtrueMicrosoft CorporationValid 10341000x800000000000000079853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.333{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.333{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.333{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.333{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.333{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.333{8057F119-3058-60EC-1F0A-00000000DB01}57762460C:\Windows\system32\cmd.exe{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:44.346{8057F119-3144-60EC-460A-00000000DB01}4940C:\Program Files\ansible\sysmon\Sysmon64.exe13.01System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-Sysmon64.exe -c "C:\Program Files\ansible\AttackRangeSysmon.xml"C:\Program Files\ansible\sysmon\ATTACKRANGE\Administrator{8057F119-3058-60EC-7B5C-870000000000}0x875c7b3HighMD5=8A914CFB7496B8461285C009DD8F5627,SHA256=422EC998FED690C2EC3239A4BB80075F098A9A95CBDFFBC873365B9F7136A02A,IMPHASH=DCF866F4139DD7FF6C0A5D4FA050CD7A{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" 23542300x800000000000000033462Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:45.759{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F3103FE87DAAE13FC169143D8EDB20C,SHA256=04BD125F0F8EE2C6DADBF78F073CBD70FCE49618FEA9304F8D8DB2283EE5698F,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000079956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000079955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000079954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000079953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000079952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000079950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000079945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000079943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000079941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000079940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000079939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000079937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000079934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000079933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000079932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000079929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000079924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.980{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.981{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000079917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.349{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E7AD91212B50DAAD32F3046023E88F23,SHA256=33E1B87BE2DA7A97944BDFF3A82A6513947C925C6BBA5A3C8907A0038FFBBD49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.349{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=451F939DE03DB90A885CDEE4D0E98962,SHA256=A8DFC7CA3A48AFD55D7D72723921E6752CBA876EA1CDA59FA8BD27D070D6E783,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.164{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82F86648DED84B151CAB4C808C732D10,SHA256=8C23208ADF9A64239E63BD54422C9053ADCDC1AC9394F40EBBE7C0C0DBB3F1B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033464Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:46.775{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=385ADBDB96F119EF4703F2153D76A8EB,SHA256=EC170BEF19F2577EA983BDF26EE4F4251238334B44EDC0B6D142525E85044BFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.992{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E7AD91212B50DAAD32F3046023E88F23,SHA256=33E1B87BE2DA7A97944BDFF3A82A6513947C925C6BBA5A3C8907A0038FFBBD49,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.747{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000080023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.733{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000080022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.733{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000080021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.500{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000080020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.500{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000080019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.500{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 23542300x800000000000000080018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.500{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0984FAA5B31D78382D1269E87B7E341E,SHA256=BD7D495FAD9F8DD8BEB60940575A40A54F72C3FFBA560CFBE995EE4A760887DB,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.500{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000080016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.500{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000080015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.500{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000080014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.484{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000080013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.484{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000080012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.484{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000080011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.484{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000080010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.484{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000080009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.484{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000080008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.484{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000080007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.484{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000080006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.484{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000080005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.484{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000080004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.484{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000080003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000080002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000080001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000080000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000079999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000079998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000079997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000079996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000079994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000079993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000079992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000079991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000079990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000079989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000079988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000079987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000079986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000079985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000079984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000079983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000079982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000079981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000079980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000079978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000079977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000079976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000079975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.469{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.470{8057F119-3146-60EC-480A-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000079968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.243{8057F119-3145-60EC-470A-00000000DB01}101646968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.242{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000079966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.241{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 354300x800000000000000033463Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:43.482{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51656-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 734700x800000000000000079965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.011{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000079964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.011{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000079963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.011{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000079962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.011{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000079961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.011{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000079960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.011{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000079959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:46.011{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000079958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.995{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000079957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:45.995{8057F119-3145-60EC-470A-00000000DB01}10164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 23542300x800000000000000033465Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:47.790{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50386BF04C1C410910E558C9BC2BC033,SHA256=C4CD2904638F30E92B62A1A938994995BE4C79ABDAF5BAA11220D35DAFC9C80D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.595{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5206F1A1833D0C49E60018A9F3FB9F1,SHA256=B0AB2FE10B722DE25B910BFD00C38A00912382C4EF529DB96689FB79A78B1906,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.357{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 23542300x800000000000000080076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.341{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAEFF1356704F889383FFF3D4988A095,SHA256=D1097AC1953A71677BFC605C239459AF1D54F0DABAD7F787F87DFDE35395A4F9,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.341{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000080074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.341{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000080073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.138{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000080072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.138{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000080071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.138{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000080070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.138{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000080069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000080068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000080067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000080066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000080065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000080064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000080063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000080062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000080061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000080060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000080059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000080058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000080056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000080055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.123{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000080054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000080053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000080052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000080051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000080050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000080049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000080048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000080047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000080045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000080044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000080043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000080041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000080040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000080039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000080038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000080037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000080032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.107{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:47.110{8057F119-3147-60EC-490A-00000000DB01}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033466Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:48.806{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9868FBE2AC676BD92B303D7089628B5C,SHA256=E858E9793B6BA2FD4FE640853EE37FD7B5DEF41D874E2130B0C194F0DE98EADC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:48.341{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FF7D87089600E97AEE2430A973FAC07,SHA256=0275F28ABF26F553880B80C715F681F6EFD0E46382B0A0C331AF229CCC2BB205,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:48.110{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9E4A74913A0782AD78C8B1DD80DCF422,SHA256=C0EF0D128E1B1FC74621F5EDD9048C2670E861989B91A070599414D2F942F7F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033467Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:49.822{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30F89F6AB074A9ADF07A681CEFEB156C,SHA256=4F758C2B4AD5BED1D9A031A143606B5604E9DFBB24CBED8F8665AA5BC80EDC5E,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.911{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000080186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.911{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000080185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.911{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000080184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.911{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000080183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.911{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000080182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.911{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000080181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.911{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000080180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.911{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000080179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000080178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000080177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000080176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000080175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000080174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000080173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000080172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000080171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000080169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000080168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000080167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000080166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000080165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000080164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000080163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000080162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000080161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000080159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.895{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000080158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000080157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000080156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000080155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 23542300x800000000000000080153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=000438AFA523BE371B980C93EEB88CBC,SHA256=3B8070DB5E596DC80E7BA03B5881061E53B53B503E531CD612EF5CEB22EDC789,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000080151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000080150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000080145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.880{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.881{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000080138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.643{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000080137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.643{8057F119-3149-60EC-4A0A-00000000DB01}67929504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.643{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000080135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.643{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x800000000000000080134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.611{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1549f7|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000080133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.611{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+154962|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000080132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.611{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f 10341000x800000000000000080131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.611{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 23542300x800000000000000080130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.611{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF9ee975.TMPMD5=D02E65C42AD32F3ABC147AE7AB968251,SHA256=E8818DF00616D25228108A1EFC74316126A1FE625A120883CCA21C9468504286,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000080129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:48.279{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63477-false10.0.1.12-8000- 734700x800000000000000080128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.411{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000080127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.411{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000080126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.411{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000080125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.411{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000080124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.395{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000080123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.395{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000080122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.395{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000080121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.395{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000080120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.395{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000080119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.395{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000080118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000080117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000080116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000080115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000080114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000080113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000080112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000080111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000080110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000080108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000080107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000080106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000080105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000080103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000080102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000080101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000080100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000080098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000080097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000080096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000080095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000080094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000080093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000080090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000080086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.380{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.381{8057F119-3149-60EC-4A0A-00000000DB01}6792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000080081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.342{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9467CD996FFA13A88E2496780D12515,SHA256=5DF50EF8D483FE9563530D947E4359C30B8F5C8D30535394F0FB4CBBE2242518,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.812{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000080243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.812{8057F119-314A-60EC-4C0A-00000000DB01}99723708C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.812{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000080241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.811{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000080240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.528{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000080239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.528{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000080238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.528{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000080237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.528{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000080236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.528{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000080235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.528{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000080234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.512{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000080233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.512{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000080232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.512{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000080231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.512{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000080230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.512{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000080229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.512{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000080228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000080227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000080226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000080225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000080224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000080223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000080221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000080220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000080219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000080218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000080217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000080216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000080215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000080214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000080212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000080210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000080209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000080208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000080207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000080206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 10341000x800000000000000080205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000080200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.501{8057F119-314A-60EC-4C0A-00000000DB01}9972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000080193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40E9069A540FFAF0B47CA8C742F91F71,SHA256=926F412CB91725ED0D302358561B28893575E44CE412638BDD63DB53E32917FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.497{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5045A1EC4E7BEFE1D4C8B647159FDA81,SHA256=2F147132D750705CCB5A60E3909E4D18CDAC56701DA3FB475F2A208E8A843E81,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033468Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:48.545{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51657-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 734700x800000000000000080191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.182{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000080190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.182{8057F119-3149-60EC-4B0A-00000000DB01}524010036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.166{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000080188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:50.166{8057F119-3149-60EC-4B0A-00000000DB01}5240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000080248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:51.623{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E0C1579E44F427BED0A0F33721E6ED1,SHA256=BAD9F1B9CDB16B597B1078DA66AECA39DEEB6977A5576B64D0D9F8F3C3D38284,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000080247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.919{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63478-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000080246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:49.919{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63478-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 23542300x800000000000000080245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:51.505{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=999AFA2432D83A0987E8533B7E1E5466,SHA256=67311FD16770A7F51ACF9444E6FF6DE1CA941968794D7E3C7EA68C1B791C8F25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033469Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:51.040{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB8A5F2CCBC9AA5A972F9722651CBE76,SHA256=72C9E1683389349B9C1949DB8CC8BC9F00E30DCBCC7C056ADD477F996A327260,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:52.523{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA611FDC8EBB9D52B4D21F0E8930E56B,SHA256=40E260BBE5F557B9B97476556195A9A519BD5ECE0131A590F1F16A7F2A14286C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033470Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:52.275{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49FE08F482B6F3992158FE19E122D1B7,SHA256=60C97169A6CE1028A5F6D32FBF80DCA2D34E14F6405EA4161751FBBA4C13176E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.871{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B6CD7B53FB642239724C800A1374DCE,SHA256=4D104A13D315A927F61B404FF69B7B8235568DEB65C4079B4E4EBBD374E40C5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033471Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:53.509{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FAE8F50D8B80E73104F506A147544C7,SHA256=C4255C60139BD962116E52FC1C297BFD135ED83346A62478BFE75E94978410B2,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.425{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000080299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.424{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000080298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.423{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000080297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.225{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000080296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.225{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000080295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.225{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000080294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.225{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000080293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.225{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000080292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.224{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000080291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.224{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000080290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000080289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000080288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000080287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000080286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000080285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000080284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000080283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000080282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000080281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000080280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000080279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000080278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000080277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000080276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000080275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000080274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000080273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000080272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000080271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000080270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000080269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000080266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000080265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000080264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000080263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000080261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000080256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.203{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:53.204{8057F119-314D-60EC-4D0A-00000000DB01}9924C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000080303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:54.888{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86496BA7795FCABAC67B0B09F221FC61,SHA256=CC1D2F2B3067376AA52203B4985672F81D0FA2A20DF76CD7B93D509D8002F801,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033472Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:54.683{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5D6816F08E2967874E05CC0D1CE1BB8,SHA256=4DB810FCE31A8CF7DE0EA8DED509C81DF508A3ED2ADCD5FD02D11B5BDF76A11B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:54.222{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0D735C3AE022CCC1B7D67B4658D667E6,SHA256=F09AC08331F7D135470A3EF612E1446310B63D4B6A5DE3EC34D5B3C6D02E3A54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:55.903{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19AD6CCD47D7A54444138F545EC545CD,SHA256=C272035C6EBC7CBC90AF8A57A5D5F30DAD3B69DFB64A1105C6C9105ECCB09D14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033473Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:55.714{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62712A0C5CD551A603B0695B593EE945,SHA256=F43472EADF42559F590AF234CA604DDA698EE0DE9439A0042E421E1E1E21EB3B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000080304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:54.179{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63479-false10.0.1.12-8000- 23542300x800000000000000033474Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:56.729{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=917C1D41A8BCF96184BB00F36B3C51CE,SHA256=CC4BD51D6A92988FEF3181E14413D9C5F09A391A859774CA41B193A967D70D1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:56.920{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CDB4E3910006504148C70AD13C2D41B,SHA256=FAA25C0A59B456E83B16B2EF8A1375A42200E665F0756D619EB7C6C10A8C3EC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033476Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:57.761{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22A59EDCF6521170DBEF74B706451433,SHA256=EB5529D0FED56167324B92FF08FF4990E1037C6D9EC781D3841B164642F8C654,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.939{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6BACE3727EC2925D33558B86C5AD31C,SHA256=DB36EA28808E543C3FA12E72B9B8FB44DBB9343C29F942FFA644ACE145E7E4CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.386{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63CB7AAF6FD33D4B2C061380E935CC26,SHA256=B310F34CA570990B9C30B983ADCE257C8EE60153D8BBDB24EB8C313D05962150,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.324{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000080373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.321{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000080372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.321{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000080371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.321{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000080370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.320{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000080369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.320{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000080368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.319{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 354300x800000000000000033475Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:54.437{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51658-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 734700x800000000000000080367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.319{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000080366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.318{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000080365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.317{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000080364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.317{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000080363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.317{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.2457_none_a13eaee9d8fd5c07\comctl32.dll5.82 (rs1_release_inmarket.180822-1743)Common Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMCTL32.DLLMD5=C89866876D676708892DEEA04A886CDA,SHA256=6C498F9AFFC75DFAADDACB9D1D4248862622FB2B06F0A410BA303A26FEADFF2B,IMPHASH=49FE37530A5C395ADDDAFC2730B16DDDtrueMicrosoft WindowsValid 734700x800000000000000080362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 734700x800000000000000080361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\System32\findstr.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000080360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000080359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000080358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\comdlg32.dll10.0.14393.4283 (rs1_release.210303-1802)Common Dialogs DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcomdlg32.dllMD5=0DB1A588A248E852AD781AE14333A5C6,SHA256=6F9C36C2663B90439A1AEE74855C521FCBBDB8C7B88382C9464906F1691F65F6,IMPHASH=06716A63D3E6F97CB489B0D6810B3519trueMicrosoft WindowsValid 734700x800000000000000080357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000080355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 10341000x800000000000000080352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\System32\findstr.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000080349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\System32\findstr.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000080348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000080347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\System32\findstr.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000080345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000080344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\System32\findstr.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000080343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000080342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000080341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BAB,IMPHASH=AD7CEB919D43FA2BD394EC803EB6BCDAtrueMicrosoft WindowsValid 734700x800000000000000080340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\System32\findstr.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000080339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\mpr.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Multiple Provider Router DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmpr.dllMD5=0E56DB60C434D51769F2DAC48B9AA686,SHA256=3F9AED98B1B7F6A59C219F622FD91C7FD20BFE280935F5334920A02ECCAE7ED6,IMPHASH=46ADE2B067E724C7163A0B1902FEF225trueMicrosoft WindowsValid 734700x800000000000000080338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\mintdh.dll10.0.14393.0 (rs1_release.160715-1616)Event Trace Helper LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmintdh.dllMD5=32254E75260F1CAE3AB9EAC044B344B7,SHA256=B714E3CDEB23E63894D62E9335F51E301A9093F263623CCEFA2F674AABE7D629,IMPHASH=92D4FBE8F70FD95D329EA4882A8C3278trueMicrosoft WindowsValid 734700x800000000000000080337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000080336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 10341000x800000000000000080335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3058-60EC-200A-00000000DB01}70728392C:\Windows\system32\conhost.exe{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\system32\findstr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000080333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000080332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\System32\findstr.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000080329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x800000000000000080328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\System32\findstr.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000080325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\System32\findstr.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\tdh.dll10.0.14393.4283 (rs1_release.210303-1802)Event Trace Helper LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationtdh.dllMD5=18D509F5788831270FCDA4D11E023E37,SHA256=08965C78D75432D1E1199E8162B3FB3FE11D89945B69BA48DE6F595FB280E52F,IMPHASH=E0A9B1840595F8507313FB797C5187E6trueMicrosoft WindowsValid 734700x800000000000000080323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\System32\findstr.exeC:\Windows\System32\findstr.exe10.0.14393.0 (rs1_release.160715-1616)Find String (QGREP) UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationFINDSTR.EXEMD5=15B171EC73E7B71F4EBB4247E716271E,SHA256=2956F7BC863498DFCC868CE7DF4C9C131A4A5C17B065658456AFEF7566ACE1EE,IMPHASH=D7962312082AAB17974D6817E09E5D7AtrueMicrosoft WindowsValid 734700x800000000000000080322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000080321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3058-60EC-200A-00000000DB01}70728392C:\Windows\system32\conhost.exe{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-21B7-60EC-3B07-00000000DB01}55124040C:\Windows\system32\csrss.exe{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\system32\findstr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3058-60EC-1F0A-00000000DB01}57762460C:\Windows\system32\cmd.exe{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\system32\findstr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+c3f6|C:\Windows\system32\cmd.exe+4917|C:\Windows\system32\cmd.exe+c378|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.303{8057F119-3151-60EC-4F0A-00000000DB01}10224C:\Windows\System32\findstr.exe10.0.14393.0 (rs1_release.160715-1616)Find String (QGREP) UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationFINDSTR.EXEfindstr "TargetObject"C:\Program Files\ansible\sysmon\ATTACKRANGE\Administrator{8057F119-3058-60EC-7B5C-870000000000}0x875c7b3HighMD5=15B171EC73E7B71F4EBB4247E716271E,SHA256=2956F7BC863498DFCC868CE7DF4C9C131A4A5C17B065658456AFEF7566ACE1EE,IMPHASH=D7962312082AAB17974D6817E09E5D7A{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" 734700x800000000000000080317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000080314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exeC:\Program Files\ansible\sysmon\Sysmon64.exe13.01System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-MD5=8A914CFB7496B8461285C009DD8F5627,SHA256=422EC998FED690C2EC3239A4BB80075F098A9A95CBDFFBC873365B9F7136A02A,IMPHASH=DCF866F4139DD7FF6C0A5D4FA050CD7AtrueMicrosoft CorporationValid 10341000x800000000000000080312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-21B7-60EC-3B07-00000000DB01}55126756C:\Windows\system32\csrss.exe{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3058-60EC-1F0A-00000000DB01}57762460C:\Windows\system32\cmd.exe{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+c3f6|C:\Windows\system32\cmd.exe+484b|C:\Windows\system32\cmd.exe+c378|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:57.301{8057F119-3151-60EC-4E0A-00000000DB01}9908C:\Program Files\ansible\sysmon\Sysmon64.exe13.01System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-Sysmon64.exe -c C:\Program Files\ansible\sysmon\ATTACKRANGE\Administrator{8057F119-3058-60EC-7B5C-870000000000}0x875c7b3HighMD5=8A914CFB7496B8461285C009DD8F5627,SHA256=422EC998FED690C2EC3239A4BB80075F098A9A95CBDFFBC873365B9F7136A02A,IMPHASH=DCF866F4139DD7FF6C0A5D4FA050CD7A{8057F119-3058-60EC-1F0A-00000000DB01}5776C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" 23542300x800000000000000033477Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:58.932{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2513188ECAE8D2A73F7C0B539F3E8665,SHA256=4582AC6370F8019D4DA4B67A0E0F63BD4F5C4A86B673FD1C888191D8E2381D2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:58.940{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E28B10D8856180FE268E21CA55A4159,SHA256=CAFFD19CF323F2D130073D21AD861F370153F2E59A7F49089CC8DCB80CEC4A23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:58.302{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6D3F6D191E1C23BAFA525D3D417677E8,SHA256=578FCF43A799B155B29A67DE08B417F1203E9A67B98AC34F811531116840FBC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033478Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:10:59.948{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5D60875A9097B4E3604C6CC2B8FE1B7,SHA256=07F9A00BCB33147B7DA4FF8AA47756C58CB3D170764F4D910D3042B0462369F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:59.955{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBCCC3F3A14C41AB7A04F45AEA9E02E9,SHA256=4F20FDF0892735EE8D8A7FAF62E38382096E260F092876BF6E8100771E87660F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033479Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:00.964{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=239E092E6DAEC1BAEB44A185BED306A8,SHA256=7782ED27C3D7D2D9ADBD47C00178FE0484C6AF41012082E7DDA3FAE291B53C6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:00.971{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45A13E5595E1506900341EDC2BFA7AE2,SHA256=A28257B13F64A0067D299AE8FFAFC4ABF7D0B14BEC63A28EBB5B1A60F3AF6B72,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000080380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:10:59.260{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63480-false10.0.1.12-8000- 23542300x800000000000000080382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:01.986{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB3A73C7F3E3F7F831CC9574D6B5D9C0,SHA256=ADFD4E77B8C94C024282B5BB5D2759A32AD480BDF5880260291EFED0C20E9033,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033480Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:01.964{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A11A87A6F1312B09764CED5C4DE16EA,SHA256=45D9069D54B6E1334F61528A2765312B98403DECDD637B3D4C20DDDB4DDFFCBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033481Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:02.979{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AC2B102DF2D777FC8303C6D095CFD3F,SHA256=F950C12042B34DAFDD670014ADD8F5DB93FD9B6AE82B9913D9B29A596C1D216A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:02.991{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFC19A4AB43BE67022AEC7FB90AABE2D,SHA256=5255520F37392259CEF29A74B35B763DD420A5AE0D3C650788DB25C6C3D46DF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033484Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:03.979{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2318C6EF9768177955D0758ACD6936C,SHA256=A8D38CDA1EB80D622BE4F55830A37C64F4B432D57B800F2853A9E2286427F7CD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033483Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:00.391{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51659-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033482Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:03.229{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033485Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:04.995{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD6A058D7B4A5906484E3DEEB3CED38F,SHA256=5349E40C849F478A61E1A67DCBB2B6E9BAC42011F6BDE61F55C6FC8AE6DA6823,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:04.575{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:04.006{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FF695DD833B0C9C3E6F61C4757B6C4E,SHA256=AFA1E86DC1B391A0128F7D6E3671215B737012930D9B4511554E9A708F32BAC0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033486Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:02.562{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51660-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000080390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:04.364{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63481-false10.0.1.12-8000- 10341000x800000000000000080389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:05.760{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:05.760{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:05.760{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-2FF1-60EC-0F0A-00000000DB01}6364C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:05.007{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CF3B35EAD6DB9692D5D897BD6507598,SHA256=700E17F377BFE4C3CBA19DBD75D3B01A48DEED41D68E5947402468E66B98BAD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:06.008{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E99F7228BB565D0395E0B538D09652F,SHA256=E8BEFCF052269D22D87B8981E966F07DCD009590CB4F2AEDA4908602F0EC784D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033487Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:06.011{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4606E64BE4DC8BD7F061F39025680E9,SHA256=89F2BA3C6EDFFB5B5BC2B34CB6CE502FC312929D5A3F2B2FB054EAA04690F01D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:07.045{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4D447B274EF529C2ABACDACEF746F92,SHA256=C39A9AB0CD0547068F4E1E7361BF37574033380BC3F4D2C8F07760F69FFBE6A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033488Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:07.026{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0F9153422FC10B59E9BE8E94864AF9E,SHA256=210449FC03E276871C0FB3158F91D83AEC3AB97EC65442BCAD2D6B5575C64259,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033490Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:05.499{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51661-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033489Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:08.026{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A03068B794E8322C2CDE2F860A5B9CC7,SHA256=420163C7CE3A86B6276D826F92011590BBF4B6CAF37EC66D6721C9AB79E0A9C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:08.059{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=948E40908FCF078E57D4A0B960474003,SHA256=C88239B38DE64B1D03162B72F648B4E7C3CF78E5261F0BF168E9F46DD5DED3F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033491Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:09.042{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B61390EC646DF5B4E2785B935B4EEC6F,SHA256=728C6031DF499DD72674B14A0705B81208A38D63CCFE6751641C79F9319D0BD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:09.089{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEA5B841D3EC7FD88B668D8586D2EB09,SHA256=6D40D5A2F584A4D2E96932004D4ADCDB5EADC768007D41A7DCB55EA03726DCB2,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080398Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:10.236{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0,IMPHASH=60006258D4DE87B31BEDA805A8CC8040trueMicrosoft WindowsValid 734700x800000000000000080397Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:10.165{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\mydocs.dll10.0.14393.4169 (rs1_release.210107-1130)My Documents Folder UIMicrosoft® Windows® Operating SystemMicrosoft Corporationmydocs.dllMD5=999FD44CF5713852E6083A43A7917761,SHA256=D5C75951C29B7F0AAA4EC9E9AB3195933E650C1F171092F389FD4DB66CA1CA20,IMPHASH=D1267CC8F49B54A66A0034D2C4452E93trueMicrosoft WindowsValid 734700x800000000000000080396Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:10.165{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\sendmail.dll10.0.14393.4169 (rs1_release.210107-1130)Send MailMicrosoft® Windows® Operating SystemMicrosoft CorporationSENDMAIL.DLLMD5=04626525E567811FC7ECB3E31D94F8B0,SHA256=678A3A9DD713DC61F72112BD3160B8753F1A50D1179FDFABD265C32103980A6A,IMPHASH=52DBB027F849F4DB11CB3C2B56C0E9FBtrueMicrosoft WindowsValid 23542300x800000000000000080395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:10.111{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E4D9595F5412486B6DD503965DC5A98,SHA256=DBC271B075E3C8BA64BD11C787B0246CBA1017B8CD2836A86C6FA4E8BAF4F860,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033492Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:10.054{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49B539C7194F1EBE3842EE19AB34A70F,SHA256=0668358C832DA1D045BB912FFC78E69987576A755DA7976354CAD1A9ACB53F69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033493Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:11.058{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=361A49F239BF6177202BC588EF7DC6A9,SHA256=40EDD74C18211D09AB4C0FA40993A9FA00BFB712381D2CBDB2B95CBA17DE6C67,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080493Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.966{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Globalization.dll10.0.14393.4467 (rs1_release.210604-1844)Windows GlobalizationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Globalization.dllMD5=4D2537567A93ABF1D93CB7A7E76F954C,SHA256=5740181B56927C0DC66A6BCECA15EA2806A0ED471A01F785AD47C8C73A1DF85F,IMPHASH=0280A5811869EFED56B453A140477D51trueMicrosoft WindowsValid 734700x800000000000000080492Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.934{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=B69F0419A16A616FE2D779EC98CD7FB9,SHA256=2D10B43F2137433E48A009227487C691E312D186691485D33B4FDF90D8423C9D,IMPHASH=E32C7474360C94A9FE5E17141A4AB35FtrueMicrosoft WindowsValid 734700x800000000000000080491Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.911{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\DWrite.dll10.0.14393.4225 (rs1_release.210127-1811)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=BB0ECCB8A72B5926A58433666145D459,SHA256=9C082B0EF00A6E174062634F0421B1179D27BC9077A5C0B1FEB2AA74DBAC2E68,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x800000000000000080490Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.911{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2,IMPHASH=460DAE5CA92CB705C37D78BE630D6120trueMicrosoft WindowsValid 734700x800000000000000080489Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.880{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=8FD5FEFE4E020BBC2D95F07BCDC84F71,SHA256=E5E351822CCDEBF81C47C4CA1D5C158E2880C1BD29CA024D163FD9316F3046AE,IMPHASH=E494F732179E765F2CE18BC21CDB1948trueMicrosoft WindowsValid 734700x800000000000000080488Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.880{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223,IMPHASH=83736A76214A92F5C1B53248D0C22863trueMicrosoft WindowsValid 734700x800000000000000080487Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.865{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19,IMPHASH=52DACB9FFE8B422785C607A5B88982C7trueMicrosoft WindowsValid 734700x800000000000000080486Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.865{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x800000000000000080485Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.865{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Immersive.dll10.0.14393.4283 (rs1_release.210303-1802)WINDOWS.UI.IMMERSIVEMicrosoft® Windows® Operating SystemMicrosoft CorporationWINDOWS.UI.IMMERSIVE.dllMD5=4331AC493E264AF1378E0082194D07A5,SHA256=81B8E123110B9C7A34957B9176791AD86EA874315D4555FDC85CF20975E08D99,IMPHASH=C0750252600F63F4BA1D73794E8FE8C0trueMicrosoft WindowsValid 734700x800000000000000080484Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.849{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\CoreMessaging.dll10.0.14393.3930Microsoft CoreMessaging DllMicrosoft® Windows® Operating SystemMicrosoft CorporationCoreMessaging.dllMD5=3D9D2F367587B2E93F2868F52D4ACBDD,SHA256=B4B27A7D4B9B685B6015D090B6A3E0E578AFBDE8D6C06A8F2E606A439D5A4BA4,IMPHASH=92CA7117B99353AC45978E95EEB5A46DtrueMicrosoft WindowsValid 734700x800000000000000080483Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.849{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Xaml.dll10.0.14393.4470 (rs1_release_inmarket.210704-1611)Windows.UI.Xaml dllMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.Xaml.dllMD5=6F79837DE63E915AAE0672450E93FB5A,SHA256=2169B1FAEF092332F4B72F142E2FECC8554A0E2756715711F5E15431784A5261,IMPHASH=B872FEAB4926DE1D74C3DF5AC4E62C2CtrueMicrosoft WindowsValid 734700x800000000000000080482Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.696{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000080481Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.679{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\BCP47Langs.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)BCP47 Language ClassesMicrosoft® Windows® Operating SystemMicrosoft CorporationBCP47Lang.dllMD5=F688C2B9DD2EB56C3B0312B6380338AA,SHA256=B22DB210486D3B5F4EEB17900C5E7AA0EEFEDBB068A0C4858EFE9F8018C34628,IMPHASH=31EA1856BC7597303D8126028BBFDFB8trueMicrosoft WindowsValid 734700x800000000000000080480Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.679{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Runtime UI Foundation DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.dllMD5=FEC31833E8D13591BAECE59B8E39F53C,SHA256=424BAEA0DC8EF34305A881F9B36F22E8CFECA403A0D03B61782D69535387A401,IMPHASH=B073DE28C43175420FE754415439CCEAtrueMicrosoft WindowsValid 734700x800000000000000080479Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.679{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\MrmCoreR.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows MRMMicrosoft® Windows® Operating SystemMicrosoft CorporationMrmCore.dllMD5=D730B5700BEB4A7E6E4244684356739C,SHA256=26083BEB490E48F5711D69A0E597B7A4CC6FB4B31EDCD535A0FF0DFBE4E6F8DD,IMPHASH=462A9FA6F44F25C68798F197AC8EC9D9trueMicrosoft WindowsValid 734700x800000000000000080478Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.679{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\wincorlib.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows ® WinRT core libraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwincorlib.DLLMD5=F08F4542548A5CD4F521491164598021,SHA256=D60844E5A091DD42CB1BC03CA76B8BBAF55C5B1A9EC3F1403AB241DDE36CA630,IMPHASH=7118E177B350BBAD51DE9533CF52B852trueMicrosoft WindowsValid 734700x800000000000000080477Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.679{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Cred.dll10.0.14393.4169 (rs1_release.210107-1130)Credential Prompt User ExperienceMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.Cred.dllMD5=78EED0861A739C42B882A074C8C6EB66,SHA256=3BFDDC668D78212AACD74DE956A004582DBA1FBC9DDFB3B3FF9368F3FF16991A,IMPHASH=937A04AFF9E2F1B9DE53D1339BC71147trueMicrosoft WindowsValid 734700x800000000000000080476Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.648{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.XamlHost.dll10.0.14393.4169 (rs1_release.210107-1130)XAML HostMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.XamlHost.dllMD5=3EF300C64E57C482FEC2A62454CC45BC,SHA256=CED0EEE32D019EAF1BE70190B87FA9858054DEE20DE77EF0BDC67C2B8B0DD669,IMPHASH=76C7A23349305BC2F339502E1330DC92trueMicrosoft WindowsValid 734700x800000000000000080475Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.648{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\WindowsCodecs.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Windows Codecs LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationWindowsCodecsMD5=B791899A46FD151559658F4F86C3C6F5,SHA256=E559B36A3CC2261C16916F2D49FA351DC4E21E5EC581AC43547ABA16F70CDA7E,IMPHASH=945C5ACF3D7F6243AD6374B1152227D8trueMicrosoft WindowsValid 734700x800000000000000080474Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.632{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\avrt.dll10.0.14393.2969 (rs1_release.190503-1820)Multimedia Realtime RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationavrt.dllMD5=8EC9E2490A9FFA637115F758B22FFF78,SHA256=1A3295CBF09E9367CCE68505D949D724FB9B66B4516770B7D594273C3BCFC5B8,IMPHASH=F266C00A61E480BB0A81B1A89DB30014trueMicrosoft WindowsValid 734700x800000000000000080473Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.632{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.CredDialogController.dll10.0.14393.4169 (rs1_release.210107-1130)Credential UX Dialog ControllerMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.CredDialogController.dllMD5=914E180859851B8FF502A541C5EE5C1F,SHA256=4139824AE8D81F519CE57E46F7514D82A42BEBE8A3971B32666CF2A2AC8390F8,IMPHASH=36C915CDD5835C99A10F8B3C525E4356trueMicrosoft WindowsValid 734700x800000000000000080472Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.632{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000080471Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.632{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\wincredui.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Credential Manager User Internal InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationwincredui.dllMD5=27B7A3DDE710FEC067E7AADBB396FDCC,SHA256=BE73F24E4E7E5002A78784D60F82840B42FB2AAD593623D00535E0403B01EAED,IMPHASH=5BF8C42D151FC064CDF2E863454964AAtrueMicrosoft WindowsValid 734700x800000000000000080470Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.632{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 23542300x800000000000000080469Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.630{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0CBE0E5F073E5886859B4B47A459752,SHA256=2C3E7E2FB9CDBA533FE1844C2C60705965DA2A46EB81457270221832C7C1657C,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080468Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.611{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x800000000000000080467Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.611{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\MMDevAPI.dll10.0.14393.4169 (rs1_release.210107-1130)MMDevice APIMicrosoft® Windows® Operating SystemMicrosoft CorporationMMDevAPI.DllMD5=CF179D8A655703FDD273891432EBF588,SHA256=722863E48713AEDC9E7EA95C181CAAA389B147BCE51A7E815F0D4189AF92B6E8,IMPHASH=A9DFEC2D392C78A08CC45D2B95165EEAtrueMicrosoft WindowsValid 734700x800000000000000080466Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.611{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\WinTypes.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=F26A1B9400B1B37D899B01DA8DE809F7,SHA256=F0AFDE11FE0C22D0A25CA4F5A07FEDDC6D3014902360566575E4AB5C164AB8E0,IMPHASH=58F905117CF0434AF54A7CD9D43EEF30trueMicrosoft WindowsValid 734700x800000000000000080465Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.611{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\AudioSes.dll10.0.14393.4169 (rs1_release.210107-1130)Audio SessionMicrosoft® Windows® Operating SystemMicrosoft CorporationAudioSes.DllMD5=4B97F920560452EC199062492055FF4C,SHA256=FF75E4970C94C270783461F9696829E3159E5254C818E3F86AE521018B1EF055,IMPHASH=18FC7797E056AFF42D40FF05B182DB5AtrueMicrosoft WindowsValid 734700x800000000000000080464Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.595{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\credui.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Credential Manager User InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationcredui.dllMD5=F3EA67955C81EDC0351A4E7418EEEAF4,SHA256=1DC9FF6C665A376789094BF59DCF125A7BE0280D798C74C0853AD1D808104F5D,IMPHASH=4559CD65117B2CEA951EAA739A2320C9trueMicrosoft WindowsValid 734700x800000000000000080463Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.595{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBF,IMPHASH=BB80FB0B79AB68B9AA174726B09C8CE9trueMicrosoft WindowsValid 734700x800000000000000080462Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.595{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=A049DEB5236AA8711D70001353902238,SHA256=729E2332F4E65A745FC905AD5F3F17A2C034DD15BE74DBEF7D028ED712BCA1D2,IMPHASH=6654CFB1ED505987ABEF47C5C0E0D98AtrueMicrosoft WindowsValid 734700x800000000000000080461Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.580{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 10341000x800000000000000080460Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.564{8057F119-08A1-60EC-1400-00000000DB01}10762196C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x100040C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+63c9|c:\windows\system32\cryptsvc.dll+62d1|c:\windows\system32\cryptsvc.dll+5e56|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080459Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.564{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\gpapi.dll10.0.14393.4467 (rs1_release.210604-1844)Group Policy Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationgpapi.dllMD5=96BBBC9AD606CF5EBAF525E3AB1C69A5,SHA256=32F0EA9185A6E1DE26E3276BAAB0FB5ED72940D34FE5FFDF5331D91E42794124,IMPHASH=54A7A105E11720BE50C587CF0CFA8828trueMicrosoft WindowsValid 734700x800000000000000080458Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.564{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000080457Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.564{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000080456Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.564{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000080455Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.564{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000080454Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=D8CD8451D1E194230F18866AD6EFE5E7,SHA256=9977AA1287962035C24DF806DDA67F09FFE9BDF696DBA507D749C624AE1C178D,IMPHASH=EC9695F0DF1F52E9D439A942DBDAA111trueMicrosoft WindowsValid 10341000x800000000000000080453Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080452Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080451Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080450Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 10341000x800000000000000080449Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-315F-60EC-500A-00000000DB01}51369416C:\Windows\system32\consent.exe{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\system32\svchost.exe0x70C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\consent.exe+1452|C:\Windows\system32\consent.exe+3ca7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080448Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000080447Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000080446Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000080445Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000080444Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000080443Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000080442Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000080441Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 10341000x800000000000000080440Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080439Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.548{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080438Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.533{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 734700x800000000000000080437Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.533{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\msutb.dll10.0.14393.953 (rs1_release_inmarket.170303-1614)MSUTB Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSUTB.DLLMD5=17CD28B5081E8C9D25228987EDD4E4F4,SHA256=7AA14D2F375CCB4A57053144BC826132938C66ADDB282C940F736F3C6E358DA5,IMPHASH=C2050C3A907779B8B143FA73DD6A1241trueMicrosoft WindowsValid 734700x800000000000000080436Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.530{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000080435Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.530{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000080434Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.529{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000080433Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.527{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 734700x800000000000000080432Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.511{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\winsta.dll10.0.14393.0 (rs1_release.160715-1616)Winstation LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwinsta.dllMD5=12668CEFEE3754CFA61C5699821668B3,SHA256=D0C81619EDE8B846D98417989684EF16DF3A053CC049C7281E40F3359AD5B570,IMPHASH=2E790E44628AED89C2CC17E1E4A5CE1CtrueMicrosoft WindowsValid 734700x800000000000000080431Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.511{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BAB,IMPHASH=AD7CEB919D43FA2BD394EC803EB6BCDAtrueMicrosoft WindowsValid 734700x800000000000000080430Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.511{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\MsCtfMonitor.dll10.0.14393.0 (rs1_release.160715-1616)MsCtfMonitor DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMsCtfMonitor.DLLMD5=81BC8DBCD544B8837BCBC5CAD0C9CA08,SHA256=C67286427B136D36F2785B3DF169B8D3E820ADCD1C836B69770439A9456A2E8E,IMPHASH=9B989CE38CE9C40F828E034B46B8E9F3trueMicrosoft WindowsValid 734700x800000000000000080429Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.511{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\msimg32.dll10.0.14393.0 (rs1_release.160715-1616)GDIEXT Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationgdiextMD5=78DA58DF85F86CA61E5EAFB9EF0A83BE,SHA256=3216205F5C355D582EC4B902651B62E1FF3EFFDCA40BC849D474F13F1325E962,IMPHASH=2E671B0A6A313B7E8765124B944DA4FEtrueMicrosoft WindowsValid 734700x800000000000000080428Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.511{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\amsi.dll10.0.14393.4169 (rs1_release.210107-1130)Anti-Malware Scan InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationamsi.dllMD5=89C79675F7FEDEB6373C9D2045F7B7C5,SHA256=5B40293CF56D44377A91BF68CF2113F523B61185F02DEEAB621BE51F0ADA6131,IMPHASH=6FEE5278940E0EA644D3641165D77874trueMicrosoft WindowsValid 734700x800000000000000080427Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.511{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000080426Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.511{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\wmsgapi.dll10.0.14393.0 (rs1_release.160715-1616)WinLogon IPC ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationWMsgAPI.DLLMD5=F057E6CFED6521141F9E2AA786FEBF9E,SHA256=FE15ADCBC8E9B129BC09FEC47A89A487F5D9E537DC05674C413A8D9D84860535,IMPHASH=0070F559678E041C453782364C13F0C2trueMicrosoft WindowsValid 734700x800000000000000080425Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.511{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000080424Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.511{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080423Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.511{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000080422Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000080421Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000080420Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000080419Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080418Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000080417Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000080416Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000080415Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080414Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000080413Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000080412Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 10341000x800000000000000080411Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000080410Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080409Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080408Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080407Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\consent.exe10.0.14393.4169 (rs1_release.210107-1130)Consent UI for administrative applicationsMicrosoft® Windows® Operating SystemMicrosoft Corporationconsent.exeMD5=2D39786DACCF1721F552F3195E72766E,SHA256=D1FAD06A025FEBDD896A8B17182F31CCD4F92EBA8C696485FFF77C0823CFF723,IMPHASH=9E56AB88B9592E0AEB5042020D43259CtrueMicrosoft WindowsValid 10341000x800000000000000080406Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080405Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080404Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080403Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080402Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080401Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\appinfo.dll+2073|c:\windows\system32\appinfo.dll+2c4f|c:\windows\system32\appinfo.dll+4026|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080400Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.495{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1014c0C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\appinfo.dll+33d8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080399Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:11.133{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91FB6BB3AA5E06EEE8668D87ACE782B5,SHA256=BE5BE80CD8C1654270945BB8EDA479BBCA2BD302F1D67FBF6A9B64428C0A9013,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080575Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.497{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7D635C998E4A2F02A8105AB62376FD5E,SHA256=87E27CDB3E980BE3C10B6784974A005AFD159E9D50383D0106C4FF852F719494,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080574Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.497{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=66721B578723D00FEF1697030DF9AC47,SHA256=5BAD71B95A5DABCA9490667F68343AED094A5BC492B2673D446BC62B7D4D1E55,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080573Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.366{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\ninput.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft Pen and Touch Input ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationNINPUT.DLLMD5=BF084D22F7064E686F9BBAC541C680B5,SHA256=ED2E99746A98BAB14B5B565E5D3F092143AA2D8BD0CBD08FE047B64AEF5EF440,IMPHASH=ADED91AA394AD8A3D54B5A54F35771D4trueMicrosoft WindowsValid 734700x800000000000000080572Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.350{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\globinputhost.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows Globalization Extension API for InputMicrosoft® Windows® Operating SystemMicrosoft Corporationglobinputhost.dllMD5=B92070EB12AF4C292155EBB155A0B6C3,SHA256=F155CFD56DC7199F16377259C55C0E8A26662A81588264F01D0E1F1387721DDC,IMPHASH=AB0E9B104017117F7BE18F3C6AAC279AtrueMicrosoft WindowsValid 734700x800000000000000080571Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.350{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\msftedit.dll10.0.14393.4169 (rs1_release.210107-1130)Rich Text Edit Control, v8.5Microsoft® Windows® Operating SystemMicrosoft CorporationMsftEdit.DLLMD5=0278F6675C79A2013494CDDDCFD6C7B3,SHA256=14F536EB288788586C90DE568BAB6C113D3F4CCD0EE732A17D438A23B225720A,IMPHASH=7C36F76BEB38B735155D539BEBF60532trueMicrosoft WindowsValid 23542300x800000000000000080570Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.312{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBDFC97B917A57EF10E4EE9A543AEE94,SHA256=EB4787254CFB10DDBF6DAF41925EB56A7CEC8D2DA76D363973692B6D8F666E73,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080569Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.281{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080568Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.281{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080567Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.281{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080566Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.281{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080565Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.281{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000033494Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:12.074{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D911DAF7C1855F55F0979EA4B051A6F1,SHA256=65D0544ECE1D3AAC151702E5C30B925674D5D6AA7FCC5F11DEE4B5E752B76280,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080564Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.281{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080563Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.281{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080562Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.281{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080561Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.281{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\wlidres.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft® Windows Live ID ResourceMicrosoft® Windows® Operating SystemMicrosoft CorporationWlidRes.dllMD5=924564C6374F361B38AF73212C520FC0,SHA256=91FEB10B955D69A7B758EFC53C7E51A1EDE9B875F823DC41B04356CA62133D77,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000080560Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.281{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080559Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.281{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080558Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.281{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\WinSCard.dll10.0.14393.2273 (rs1_release_1.180427-1811)Microsoft Smart Card APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwinscard.dllMD5=85E2B5FCB057B0476687CCFE28E589A5,SHA256=4B99A7709FAC8E9CF95AA186651BE455C0998414E2D2D807DF1B000EB26FBD15,IMPHASH=8E9831D203C36A499228D7F02C6B90D8trueMicrosoft WindowsValid 10341000x800000000000000080557Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.265{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080556Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.265{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080555Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.265{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080554Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.265{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080553Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.265{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080552Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.265{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080551Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.265{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080550Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.265{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080549Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.250{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080548Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.250{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080547Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.250{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080546Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.250{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080545Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.250{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080544Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.250{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080543Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.250{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080542Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.250{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1172845C445A34CE788D3CBE91E15EC5,SHA256=ADCBD9CEE3141E1ED30DFF2C40880A92062AA606122DA1EB0DE7B16BA6B9E849,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080541Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.250{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080540Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.250{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080539Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.250{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080538Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.250{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080537Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.234{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080536Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.234{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\shacct.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Shell Accounts ClassesMicrosoft® Windows® Operating SystemMicrosoft Corporationshacct.dllMD5=6C3405DC9DB5740B6B2AD3AF67031A2E,SHA256=223153AF2A71D3549CCE25D3EAA294DD44471EA8A0733E5AC1EFD7D99D03886E,IMPHASH=F9EDABA9B540C273AC125BA9D119C3AAtrueMicrosoft WindowsValid 734700x800000000000000080535Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.234{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\samlib.dll10.0.14393.0 (rs1_release.160715-1616)SAM Library DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMLib.DLLMD5=4C413FEDB1B88DA18059890CE0BC95D1,SHA256=FAD279CE82D1616A533D6E5D3A20543B51FDBDDE4C764E09F6A01C8B0E44218A,IMPHASH=BF11630905AADA27934CD5411323FA5BtrueMicrosoft WindowsValid 734700x800000000000000080534Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.234{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\mfplat.dll10.0.14393.4169 (rs1_release.210107-1130)Media Foundation Platform DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfplat.dllMD5=6B3DD2386B60D0003B3A0A1AE706A9C5,SHA256=2DF94FA3C88D5D8AB5A981C0182263B5D8161CE0F96687D2DF7892EB4F25104C,IMPHASH=4B0B41F559164385A004BCC689586F63trueMicrosoft WindowsValid 734700x800000000000000080533Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.212{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\mfsensorgroup.dll10.0.14393.4169 (rs1_release.210107-1130)Media Foundation Sensor Group DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfsensorgroup.dllMD5=7CB78A0BF4D6AEA6A4C367DFC7645CD0,SHA256=5504F29CAE19AF9A98D65508A350F518AEA1C66235029B1881CA765146E92D99,IMPHASH=86C22AEFE3E4067CC0F34A1D80C38807trueMicrosoft WindowsValid 734700x800000000000000080532Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.212{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\RTWorkQ.dll10.0.14393.479 (rs1_release.161110-2025)Realtime WorkQueue DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationRTWorkQ.dllMD5=1EABA23A7305A232C9A16C14806ED091,SHA256=3AD1A84A56EE0DA68B40D40770787FEED3DCF4A74BE172F01BD837FD680396E6,IMPHASH=41E263D9EB0100A59E34B18CF8F6F725trueMicrosoft WindowsValid 734700x800000000000000080531Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.212{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Media.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Media Runtime DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Media.dllMD5=D99A463FD833B801A943698AC8AF81EB,SHA256=224405AC2CEFCFBB5E2AE3D98E9A5895BB2C39C128759E2FBCC3E84335E4E6D9,IMPHASH=88691B5201F0FCC6E05D2593797A195AtrueMicrosoft WindowsValid 734700x800000000000000080530Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.150{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 10341000x800000000000000080529Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.150{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080528Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.150{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080527Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.150{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\DevDispItemProvider.dll10.0.14393.0 (rs1_release.160715-1616)DeviceItem inproc devquery subsystemMicrosoft® Windows® Operating SystemMicrosoft CorporationDevDispItemProvider.dllMD5=CCDEFAE1F31F9F9AED64686A143D3D0A,SHA256=CF96EB0C3422628398D218152A729221C0F5D09F287E083AE88ECD77DB2C11BC,IMPHASH=B96B407351B4F23871E4087C6E937148trueMicrosoft WindowsValid 10341000x800000000000000080526Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.150{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080525Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.150{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080524Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.150{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\wlidcredprov.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft® Account Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationWlidCredProvider.dllMD5=BFDFA8D6CE74D72FC3CAC3E8B6D05FB7,SHA256=172538FF3768FA97A54D4B33B7E3253F568013DF9F8102E023DEFF4CA44B2BBC,IMPHASH=AC43D6C08681C0DFDC982DCBAA555A68trueMicrosoft WindowsValid 734700x800000000000000080523Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.150{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\certCredProvider.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Cert Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationCertCredprovider.dllMD5=5C5920708E3A7386E3FB97F06A1CF6CD,SHA256=2CEBA7FEC4C2DA3384BE80CB70C5AF04F45727BDA3DEF9A79F478B071AB9FC0C,IMPHASH=A01F108876C25B588A60F1407EC75717trueMicrosoft WindowsValid 734700x800000000000000080522Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.134{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\MSWB7.dll10.0.14393.2791 (rs1_release.190205-1511)MSWB7 DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSWB7.dllMD5=5C7C3EBF7A50560DE37B750F3BB0F2B2,SHA256=227474B4306F6FA4F4A7EC5DAE2E91104BA6A156E31BDAD4B82D2E5426A53729,IMPHASH=A39738A99E764D3F4E439E2498C99B04trueMicrosoft WindowsValid 734700x800000000000000080521Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.134{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\ngckeyenum.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft Passport Key Enumeration ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationngckeyenum.dllMD5=ACF9A79DE065065D9B9F3C060D8FD883,SHA256=72A663ED47F6354E1EF19D6E5D4BC1118B8BF699B9E112E89BBE8DC8B9D83187,IMPHASH=7408E186279579FBFF9DD5099C815B63trueMicrosoft WindowsValid 734700x800000000000000080520Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.134{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\BioCredProv.dll10.0.14393.4169 (rs1_release.210107-1130)WinBio Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationBioCredProv.dllMD5=73F8BD8ED7C88C247AE1F8931FE84024,SHA256=50102694895A05D4554A54C775A033664DF7B9E51347F918E2A2FEF2F2B747C0,IMPHASH=01D3BF39F15617F2002037CAEC4CA502trueMicrosoft WindowsValid 734700x800000000000000080519Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.134{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\StructuredQuery.dll7.0.14393.4169 (rs1_release.210107-1130)Structured QueryWindows® SearchMicrosoft CorporationStructuredQuery.dllMD5=330E02FA330C93B93B477AA2F88C8A3A,SHA256=958A6977B820D04D94C8FD85C23CC62D77F0498BB59A648744E8F43704FD7F26,IMPHASH=870079407DAAD548AC5B3F417EEBB243trueMicrosoft WindowsValid 734700x800000000000000080518Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.134{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843,IMPHASH=EAA4328F5E33714FA08C71E4AAE43CC1trueMicrosoft WindowsValid 734700x800000000000000080517Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.134{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4,IMPHASH=B6A1A16A2B5E910045E998CD7709E966trueMicrosoft WindowsValid 734700x800000000000000080516Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.134{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\ngccredprov.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Passport Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationngccredprov.dllMD5=5125FB8AD27095A89651EFE26DF82B8F,SHA256=B49A3E4B223B5737ABB834DA077E2F525B8D5A4E7A226134AD23B19BD20DA5B5,IMPHASH=BD5237271CB2F0AA3004D8AC0791F836trueMicrosoft WindowsValid 734700x800000000000000080515Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.112{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\deviceassociation.dll10.0.14393.0 (rs1_release.160715-1616)Device Association Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdeviceassociation.dllMD5=68139108F7E1D4327BE76289E14C2159,SHA256=05436A7EE5EE877F3EA6B12604D41EFCE288F093AAEE03A906FB7C9A4A76DFDA,IMPHASH=CA757A840D91610BF593E8A2814EB9B3trueMicrosoft WindowsValid 734700x800000000000000080514Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.112{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\biwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Background Broker InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationbiwinrt.dllMD5=1774BAC67716351387E5F11635DEED8D,SHA256=74F9B4190CFFADCE3ED3F61D4FD6A4F7CCC6EE0F42E3452D018E8160ECB3BE1F,IMPHASH=518BBC26E9BA87459E80712401FEE077trueMicrosoft WindowsValid 734700x800000000000000080513Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.112{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Devices.Enumeration.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.Devices.EnumerationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Devices.Enumeration.dllMD5=4C62915A0F4A5D426D857C5DEC342AE9,SHA256=371A5B33833D0433F525EF0A0E61B7EFE5F91142F814241AB291C178B055BCB3,IMPHASH=19CB1EC42DBF9C106DE4DE251E31017EtrueMicrosoft WindowsValid 734700x800000000000000080512Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.112{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\facecredentialprovider.dll10.0.14393.4169 (rs1_release.210107-1130)Face Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationFaceCredentialProvider.dllMD5=75568151502F3012E5A0B28D53517B21,SHA256=6CD897692F27AF5291034213CFA48CF0A0517C33A5A23ED270F12DDE98FB32D9,IMPHASH=A57735F3674892C8A813AC842EA6CFAFtrueMicrosoft WindowsValid 10341000x800000000000000080511Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.112{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080510Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.112{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080509Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.112{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080508Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.112{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\cngcredui.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft CNG CredUI ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationcngcredui.dllMD5=FE84C1709B761FFCFA7F4340FA451A65,SHA256=329D2D141C9C0ECC68C12E8B68D0413C396F47C83C85621A410773D8BB1A494C,IMPHASH=9AEED300060E76958D7D2ED9F8BF8EDFtrueMicrosoft WindowsValid 734700x800000000000000080507Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.112{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6E,IMPHASH=9651C547656809410E78B358203C1A1DtrueMicrosoft WindowsValid 734700x800000000000000080506Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.097{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\credprovs.dll10.0.14393.4169 (rs1_release.210107-1130)Credential ProvidersMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovs.dllMD5=913EF3B2F5DF7C749774F6FF3B054C11,SHA256=4E3F665593865080E37EA4F3108102FD222C2DECE3841F178EAF29A9CCB59C2C,IMPHASH=4D8C135A6C32D5E52CB9D0ED6F5E66D4trueMicrosoft WindowsValid 734700x800000000000000080505Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.081{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\credprovslegacy.dll10.0.14393.4169 (rs1_release.210107-1130)Credential Providers LegacyMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovslegacy.dllMD5=C54FE5EE50B5B797FFCFCC1B00A0076C,SHA256=2676BC00EB97E8BC4F3052EF09106DA33FA33CECC66D179164B3B2FE9DEFD9F6,IMPHASH=350AE9643284403B93B04574B73914E7trueMicrosoft WindowsValid 734700x800000000000000080504Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.081{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\SmartcardCredentialProvider.dll10.0.14393.2248 (rs1_release.180427-1804)Windows Smartcard Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationSmartcardCredentialProvider.dllMD5=89F3FE0276D7A31BA02AC3366F964FEE,SHA256=EE1AC8484F240304375600A1B95B64670D660EEC8E3D9F49D7782505D38E28B2,IMPHASH=634A0E8BBEC2A27265F521A876EDBBDAtrueMicrosoft WindowsValid 734700x800000000000000080503Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.066{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\directmanipulation.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Direct Manipulation ComponentMicrosoft® Windows® Operating SystemMicrosoft Corporationdirectmanipulation.dllMD5=EA7CE188E0D1E66C361C8B87304EACDE,SHA256=9ADCA2B7554173A0FD8833F65935C151B09A5D790F46E9EC4EE25E9622F1159A,IMPHASH=D9F27AFFC8B05CE56A2B9B9CD5B4C9B5trueMicrosoft WindowsValid 734700x800000000000000080502Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.066{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\threadpoolwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows WinRT ThreadpoolMicrosoft® Windows® Operating SystemMicrosoft Corporationthreadpoolwinrt.dllMD5=4D271D6FA08E19B78A99F948FB012F44,SHA256=92D9A5BC0F95FDE6BA83D17925122815BDF3803D949112852C3D97CFBA16D219,IMPHASH=0E03F54121A53AD6BC839C0721A3CECCtrueMicrosoft WindowsValid 734700x800000000000000080501Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.053{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\samcli.dll10.0.14393.0 (rs1_release.160715-1616)Security Accounts Manager Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMCLI.DLLMD5=AEF1161232D111EEA93F64B203F131AE,SHA256=C1DA3DF389A414AAA26FEEEA28F35AAC202CE3A5CC3AF26B7C0C14EBBC2157F9,IMPHASH=D27BDFF964B5FDB8A5E9B0599333826BtrueMicrosoft WindowsValid 734700x800000000000000080500Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.053{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000080499Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.053{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\credprovhost.dll10.0.14393.4402 (rs1_release.210426-1725)Credential Provider Framework HostMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovhost.dllMD5=D64A4C4E4CDB8DD6128D4EFAC4118353,SHA256=A503771EBD077D5C5C2EFF2499E074A8B05099A59D68E7668F403EB6DC4A902A,IMPHASH=2B8D4C5C44B72C4C63973FFAB9046281trueMicrosoft WindowsValid 734700x800000000000000080498Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.034{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\CredProvDataModel.dll10.0.14393.4169 (rs1_release.210107-1130)Cred Prov Data ModelMicrosoft® Windows® Operating SystemMicrosoft CorporationCredProvDataModel.dllMD5=6B8B71ABE125771FEE8A44D0F941CEF3,SHA256=1C7C0865C8BD4CD12867432AC71144923344F596EFA2D7C42DD9EF37F508F519,IMPHASH=E95B43892FF230687F925F53516FD6F3trueMicrosoft WindowsValid 734700x800000000000000080497Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.034{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Internal.UI.Logon.ProxyStub.dll10.0.14393.2339 (rs1_release_inmarket.180611-1502)Logon User Experience Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Internal.UI.Logon.ProxyStub.dllMD5=BA676D9CAC156F110C3E109367BC3E0C,SHA256=1B4D4D75C4E651BDC6077679581B5246667A2E63171FEB9B8566B1A638683D79,IMPHASH=652A046C44C4B1CC212802D3079219D4trueMicrosoft WindowsValid 354300x800000000000000080496Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:10.353{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63482-false10.0.1.12-8000- 734700x800000000000000080495Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.012{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\FontGlyphAnimator.dll10.0.14393.4169 (rs1_release.210107-1130)Font Glyph AnimatorMicrosoft® Windows® Operating SystemMicrosoft CorporationFontGlyphAnimator.dllMD5=3179BAF869C1815F2A39438DD5EFD620,SHA256=7A89DD1B6F0DCF16AF14A03EA04718DAAD8FE01E97C61933BD81E6371251AA31,IMPHASH=50CFAE7BE5DDFAF9B3957BA4D337BEADtrueMicrosoft WindowsValid 734700x800000000000000080494Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:12.012{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=E15A420D82314AF63973D7D0AB3BA2DD,SHA256=C264B2FA1F3E67E558E2671807C06270926EF456F4FF83F1F9859B18184F187E,IMPHASH=5F8C6AF7D0781F35A516AEB072DAD045trueMicrosoft WindowsValid 354300x800000000000000033496Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:10.531{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51662-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033495Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:13.308{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D72A096E3716448043B16E2F09281CD,SHA256=6D5606675A1E8327543C050786B8FC01D17207CD67AC05A9E5666DC85F09E602,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080576Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:13.165{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44B481E34B537C3A5F27F7BCEB52CF9E,SHA256=DD335E21FDA0D26B2523B1E37F31A3E1EF63D610D5980DC68D70586BE6133848,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033497Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:14.342{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4ECC142C16DB3814B8C96FB7FCE9F25D,SHA256=E5A8307C9912A6FE3060E763D050F90E6DE134A3BB5A031715FE4E045F4C208E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080577Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:14.180{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65DCEFA0530E2F19B2FB7E583CDC94A6,SHA256=0A5B2D509F32CDD68E12BA9B351B7991FB5C82E90488535F74377C71D6B769EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033498Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:15.389{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C85C7BFA6729664D1408B4E27DF1DA2A,SHA256=CB8C4F66702490C6DAC95FB1594971A3BFD03C8F91FFBE5E6BA31D9B9C9E5C9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080578Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:15.181{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D36B6635EF547191E9D4F5CF71CF248,SHA256=755547B11A6C9FB2AD28C9BCCDFC80BC47F49F0FD72948560BA0257F5CDF5712,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033499Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:16.639{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BA0B2A7E11217132E8A1459177A0BE7,SHA256=3094B23AD7A1AB7B61530B999BCA796E65FAE71CC3F2DFB747D4DBD1BA45BD34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080587Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:16.182{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C23381FDC77CF5BDCDB4A09D6B453178,SHA256=FBD54D43E747DF08A4A6F3C111903FBBBADD8A1789553B5C1A493051833584F9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080586Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:16.151{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080585Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:16.135{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080584Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:16.135{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080583Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:16.135{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080582Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:16.129{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080581Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:16.113{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080580Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:16.113{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080579Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:16.113{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000033500Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:17.780{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28A3ED5DA9B76E660DAF611855AE41CE,SHA256=5DC446D9DFD9053B4DFBD1D4D17A1C6B7534FDA68079DB953DB9A8E73B55DD6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080588Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:17.196{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=161B209E2C74FBB6F6A9D3301155E767,SHA256=63B71CF9DA6927DE6F536B4BB0B66B8F630E3A80F6D6C1B6EA26A3C61A512921,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080591Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:18.212{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=019C01D0C354A80BCE1C1C5D7C421266,SHA256=8CE8AB913C6DC9355CC4B85FF3D8A2C997F9DBF2488E25BC2CAAFF0C3853EA33,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033501Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:16.503{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51663-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000080590Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:18.129{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000080589Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:16.367{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63483-false10.0.1.12-8000- 23542300x800000000000000080592Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:19.229{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18A4F845D0ECC6AF7ABEFFE00F009BBA,SHA256=E306A554F260DB1FB33A4AFE884EC6ECE26F7DC6B0D6C2BB24390BD503E5A49E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033502Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:19.014{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF032DF395C84D248CAF6F9307F19702,SHA256=93A3766A1806C07CE1A23FA40BA0D8DDDA51CAFDFC6E5F70D10288CE619173BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033503Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:20.186{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=381F98093DA4831616E93801A21BB4FD,SHA256=3A85267B7DB6E47B5E4DE289F447861AE477BCB4F55A6AB255B9B812D10A84AA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080707Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.994{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080706Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.994{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080705Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.994{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000080704Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.978{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000080703Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.978{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000080702Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.978{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000080701Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.978{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000080700Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.978{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000080699Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.978{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000080698Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.894{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000080697Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.894{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 10341000x800000000000000080696Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.694{8057F119-3168-60EC-540A-00000000DB01}62809720C:\Windows\system32\conhost.exe{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080695Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.694{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 23542300x800000000000000080694Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.694{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DBD7B6C28A7B152287C3B252D571F753,SHA256=D13B5CFA1E3469AB50C06B068CA2648DA57ECDB358C588CD2538ED6A556A5557,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080693Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.678{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080692Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.678{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x800000000000000080691Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.678{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000080690Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.678{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000080689Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.663{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000080688Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.663{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080687Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.663{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000080686Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.663{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000080685Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.663{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000080684Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.663{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000080683Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.663{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080682Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.663{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000080681Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.663{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000080680Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.663{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\ConhostV2.dll10.0.14393.4402 (rs1_release.210426-1725)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXEMD5=EBEFEF1FE2B0D6FF2595203DADE100C9,SHA256=70F4BB4198467DA8E2FD7AF475536B3F2FD1B3E56CEE7E376D0303C149C449F9,IMPHASH=49A59B06FE5B10F21E36B588430BFDB3trueMicrosoft WindowsValid 734700x800000000000000080679Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000080678Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-21B7-60EC-3B07-00000000DB01}55124040C:\Windows\system32\csrss.exe{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000080677Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080676Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080675Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080674Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\conhost.exe10.0.14393.0 (rs1_release.160715-1616)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXEMD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0,IMPHASH=2C980A4DA7C717CC670CB9E1D2C4D733trueMicrosoft WindowsValid 10341000x800000000000000080673Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-21B7-60EC-3B07-00000000DB01}55123720C:\Windows\system32\csrss.exe{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000080672Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080671Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080670Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080669Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37AtrueMicrosoft WindowsValid 10341000x800000000000000080668Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080667Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080666Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080665Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080664Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080663Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.647{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\appinfo.dll+2073|c:\windows\system32\appinfo.dll+3c57|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080662Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.644{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" C:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3168-60EC-55AB-890000000000}0x89ab553HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\Explorer.EXE 734700x800000000000000080661Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.631{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000080660Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.631{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000080659Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.631{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000080658Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.631{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 734700x800000000000000080657Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.631{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x800000000000000080656Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.631{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080655Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.629{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000080654Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.629{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000080653Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.628{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080652Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.628{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000080651Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.627{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000080650Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.627{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000080649Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.625{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000080648Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.609{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000080647Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.609{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080646Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.609{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000080645Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.609{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000080644Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.609{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080643Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.609{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080642Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.609{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080641Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.609{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164E,IMPHASH=1C99A7F1249FB0C7B924253B69E59F88trueMicrosoft WindowsValid 10341000x800000000000000080640Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.609{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080639Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.609{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-3168-60EC-520A-00000000DB01}9356C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080638Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.594{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080637Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.594{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080636Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.578{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000080635Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.578{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000080634Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.578{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000080633Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.578{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 10341000x800000000000000080632Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.563{8057F119-08A1-60EC-1600-00000000DB01}12363680C:\Windows\system32\svchost.exe{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080631Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.563{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080630Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.563{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000080629Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.563{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x800000000000000080628Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.547{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080627Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.547{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000080626Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.547{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000080625Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.531{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000080624Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.531{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080623Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.531{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000080622Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.531{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000080621Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.510{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000080620Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.510{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000080619Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.510{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000080618Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.494{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080617Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.494{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000080616Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.463{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x800000000000000080615Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.463{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000080614Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.463{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080613Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.463{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080612Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.463{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080611Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.463{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164E,IMPHASH=1C99A7F1249FB0C7B924253B69E59F88trueMicrosoft WindowsValid 10341000x800000000000000080610Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.463{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080609Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.463{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-3168-60EC-510A-00000000DB01}7352C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080608Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.447{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080607Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.447{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080606Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.447{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080605Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.447{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080604Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.425{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080603Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.410{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080602Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.410{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080601Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.410{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080600Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.410{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080599Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.410{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080598Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.327{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\UIAutomationCore.dll7.2.14393.4169 (rs1_release.210107-1130)Microsoft UI Automation CoreMicrosoft® Windows® Operating SystemMicrosoft CorporationUIAutomationCore.dllMD5=9B2DCFE11EEBDDC18A8F5964E04E64A0,SHA256=5CBC5B45B9EB5B4EF1360005CD675D20D7EE9FE588DA24543FF7C9ACB88317FF,IMPHASH=6691D3D33C2662107A11540A5A994674trueMicrosoft WindowsValid 10341000x800000000000000080597Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.309{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080596Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.309{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080595Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.247{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94457A913246AB5091CF418203A9E9FA,SHA256=A1A389E8804BC20867241BFEBAD8851969DC0E4EF9285D5F44AACFF27C5250FB,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080594Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.032{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30E,IMPHASH=8F811B713271A0FEFA798FB95D523A8BtrueMicrosoft WindowsValid 734700x800000000000000080593Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.026{8057F119-315F-60EC-500A-00000000DB01}5136C:\Windows\System32\consent.exeC:\Windows\System32\edputil.dll10.0.14393.2608 (rs1_release.181024-1742)EDP utilMicrosoft® Windows® Operating SystemMicrosoft CorporationEDPUTIL.DLLMD5=75AC86B00CE4C64B02B105A55CA35628,SHA256=DB31A2345E3BB8DC79BFB4CC29615E3B8B7638AE80BFEC45FA57852669A592AE,IMPHASH=52045AC79DBE663F06AB7C9717524D40trueMicrosoft WindowsValid 23542300x800000000000000081021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.793{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FE0C15EC314EECF60E7E515B7C997A3,SHA256=C5972A1F7BC7E2A47FE32397BD1D1AB0E721D4B149C0F3AE334A3BFAC2E387BF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.778{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.778{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.778{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.778{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=95A1BA1B908C04EE471AAB365D557FC4,SHA256=5EAFA5C8125CE0A4C69238F28E94E9DC96ECB2474CF429A1BA4C56233D32EBFE,IMPHASH=781D96AFC4A43989716F0476826C7E94trueMicrosoft WindowsValid 734700x800000000000000081016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.762{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=A8286DA670839BD4D3B828E5DCE2D579,SHA256=9A039B35434ED287DBB4F23906E07ED81BB3AF62F01CC31842D1B1E8387C4AFD,IMPHASH=351F646C1B9736015D0FFEFB86A4D807trueMicrosoft WindowsValid 734700x800000000000000081015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.762{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\DWrite.dll10.0.14393.4225 (rs1_release.210127-1811)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=EC928387A1AC55B0BCC65F0FB64657D7,SHA256=9E719F529FD3CE2014E17ADA83FEBB5DF3DA533E93192739324EC698EEEF489E,IMPHASH=A304C1ECFEFBD3A520A9945E2188D759trueMicrosoft WindowsValid 734700x800000000000000081014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.762{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=B8A5106696E9FFE0CBA9A5F83C146DE9,SHA256=0CFFE15440453F2A67CB55D62A9044FCB6451149CBA5B98D3E9F265768D09EEB,IMPHASH=A885832D78ECD46B400AC0EF19CF0ED0trueMicrosoft WindowsValid 734700x800000000000000081013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.762{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msls31.dll3.10.349.0Microsoft Line Services library fileMicrosoft® Line ServicesMicrosoft CorporationMSLS31.DLLMD5=B2911DEDDF06CA1AB66C810EB98AA503,SHA256=B8FAC47D96B3577104AA20C84E532024E4B8D7A7B222E715E7FBC368151E34D3,IMPHASH=B42CEEFC5A11B8C6A930DBC4E521CD36trueMicrosoft WindowsValid 734700x800000000000000081012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.762{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=456D1A9554B75F666045F322BAEEE209,SHA256=F527B223EC94B35867641F6CDDE68B0D18048794B4837D600DC6F2DF44C17D18,IMPHASH=D3851D2627EE20865D40A6CE93CA8A17trueMicrosoft WindowsValid 734700x800000000000000081011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.762{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=19BB2A2206DA49504383900559339A32,SHA256=4DB5ACF98CD3E789E9DECD82BA6637452A236207E93C3E38B85F373965E457B8,IMPHASH=4453AC692845F7F4429D6DD3ACF00D0EtrueMicrosoft WindowsValid 734700x800000000000000081010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.762{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=71488B2A3FEEE42631F968B08ED0503B,SHA256=2693217FA5F2A259F10D580B4AB95787ECB30B2DF16EF98631EF9D4B3DC62564,IMPHASH=37239F56D3864617C4EFB2A5F460F097trueMicrosoft WindowsValid 734700x800000000000000081009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.762{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=50FAAB33B35115D94D3442FA90B0574B,SHA256=922F64661B34B37D35D11CB89611CD5BAE3907FDF56C782D9C67597F330F4D33,IMPHASH=3C84DC322121BEDBDD23AD37D5500FFCtrueMicrosoft WindowsValid 734700x800000000000000081008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.762{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\DataExchange.dll10.0.14393.4169 (rs1_release.210107-1130)Data exchangeMicrosoft® Windows® Operating SystemMicrosoft CorporationDataExchange.dllMD5=D238A301AE8EFABD029CE5C9B7777BF0,SHA256=FBB2B864831D5F0F71E1D0167B4EDD4FACB62BFD7913C465F4E291B868120163,IMPHASH=D87E30B18F53FE55C5B018AF0882ADC7trueMicrosoft WindowsValid 734700x800000000000000081007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.762{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\sxs.dll10.0.14393.4169 (rs1_release.210107-1130)Fusion 2.5Microsoft® Windows® Operating SystemMicrosoft CorporationSXS.DLLMD5=574CE73F5F8AEE6C2219547BC8DC88A2,SHA256=68B28AF187AFD6453173D1DC09C9C11CF10FA886FD5877B83170CAA3B0706784,IMPHASH=36E120EA05F8714D20693A7DA02D7326trueMicrosoft WindowsValid 734700x800000000000000081006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.746{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\oleacc.dll7.2.14393.4169 (rs1_release.210107-1130)Active Accessibility Core ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEACC.DLLMD5=0C5492DFFA271BC1912BADFEBB497907,SHA256=536C445B9D489749547FAC1D0B01AF7F430BBFE31BCD2924E7DB3BFE66785452,IMPHASH=91DB2465A9EA36C5C01315C79E4EAD5AtrueMicrosoft WindowsValid 10341000x800000000000000081005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.746{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.746{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.746{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.746{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msimtf.dll10.0.14393.0 (rs1_release.160715-1616)Active IMM Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSIMTF.DLLMD5=AFF8921E40DF47A2938819BBB13E0CC5,SHA256=2E521B9BF27F9EC3D0C077AD1D21915240BA5D2A7F3D64E85687E8A38DD6E5A6,IMPHASH=61FEC0F2740D3463B3883EC575978A0EtrueMicrosoft WindowsValid 734700x800000000000000081001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.731{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=FD246A07CED3BC52C91E4CE7F149B814,SHA256=643D290491BB7D0137CAD77B3DB612D69A6EC7AFE9C411D438C3CA1769F1EECC,IMPHASH=9A9F70B5E6DDB8F96A677E91AE1F3A7DtrueMicrosoft WindowsValid 734700x800000000000000081000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.731{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=77D1E6B39B0A1A221E23209A8F10AE8C,SHA256=474B6C0D7F8D25F225DB55533706ED090DB77BCECB5926EBE5ED248B43748A45,IMPHASH=DB78A36AE0F862A9544AD9A5C272D7E5trueMicrosoft WindowsValid 734700x800000000000000080999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.731{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=90A1CD387F9CB30F86D34B88BFCD83A1,SHA256=5F6CE9777CDC7B0A0E98C90709C41C379415DBA654A39B332BB683A7F2B86E97,IMPHASH=07C997EFB887CE39B75B7896A20F5FFBtrueMicrosoft WindowsValid 734700x800000000000000080998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.731{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=9FEEEA412847864E044BBD2789C2457B,SHA256=359D3258E661357C768B1FBB885743E63D3D218FE7999D4A39FC8AEEF64B52B3,IMPHASH=16E2C81454E1F9301D6F8A9B1F5DB754trueMicrosoft WindowsValid 734700x800000000000000080997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.731{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=CA6447DDCA724F0C5C0CAFDE184EFE64,SHA256=F9664337B60A332571FCA81CC3E6DD194DCE20C8546980FD283CA892D0CC873C,IMPHASH=6E3C4DB87F2B77C788E86C1A678A8D0DtrueMicrosoft WindowsValid 734700x800000000000000080996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.731{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=A6F22CA344FD1B7D75D49ECC718693C8,SHA256=C7787F59263B7D5246B931531AB4DC4C430E1BF8260775B7A751D4994A5D3489,IMPHASH=689E2A5805AE9CF0919D2DDDDDC411CCtrueMicrosoft WindowsValid 734700x800000000000000080995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.731{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=5480D88484EFE8EB7EDB99E68CBCA337,SHA256=B555AD6480A30599CF27A818E470B25C9242AB80C94835EAE08B226854E630D7,IMPHASH=A7A8E1C7D8A348EDDDA81702A2FEC068trueMicrosoft WindowsValid 10341000x800000000000000080994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.731{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.731{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.731{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives Library (Wow64)Microsoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=0D7153433B25ABA6DF86FBC7FA543CBF,SHA256=C8DF43428EC79BEB384B2B2561A3D8FF98040ABBC760C35F99E1FBE2D04170BF,IMPHASH=61592743BFAEF2F12950E5420FA2AEB1trueMicrosoft WindowsValid 734700x800000000000000080991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.730{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=5E8336C79BE0C2F1080B575E434DD0E4,SHA256=FB7EB70237B5897F875CE8786C26E09F61120DB4A91376A65433EEDCFA634A11,IMPHASH=72645B79B3F36D7DD23879EC939355AEtrueMicrosoft WindowsValid 734700x800000000000000080990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.730{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=33E4F8ECEA33AC2AAB8C336A0C11AAA7,SHA256=EE44DEE528EB91D80BB3DE79DBDD7E135A51FD6EF2AF360B6DB8A3CB0C297D1B,IMPHASH=262CA12D79E6C3E8AF3B3D1DFFC16408trueMicrosoft WindowsValid 734700x800000000000000080989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.730{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\srpapi.dll10.0.14393.4350 (rs1_release.210407-2154)SRP APIs DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsrpapi.dllMD5=A2E7DB9004B5F149FEA6776FA9C7A9F3,SHA256=C62D701FF9A54CEFA5629F904470D4664A41598270A4952B7A60E542D7A87AED,IMPHASH=8F303613138642A89948D086887F818CtrueMicrosoft WindowsValid 734700x800000000000000080988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.728{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_c58df2c997bddaf8\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=9BA49461346F5B2DAFE81E401E884241,SHA256=297B46C95521B8EB59B3793F0ED2736F39C495D2C3D622638EE9205F53E69EFD,IMPHASH=3546967BD7A83D49718BE45FB48403B5trueMicrosoft WindowsValid 23542300x800000000000000080987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.727{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C5380B8E1593C192E2E2A5F230F2BAA,SHA256=11A81AB21726CD7EC50BA01D3499979CDC7E0EEE4F6BB49537A276F7865AC247,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A5DBC147158A0FFB44246C9452A1C9E1,SHA256=D7763F384F902F00980FE6A2ED0F254AF0539B66AAABFF64413B0D17606000A9,IMPHASH=CAC6B3339C5CAA083E24A4484EE86E29trueMicrosoft WindowsValid 734700x800000000000000080985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=F6B687A32ABAE8BE3B02C122B58D952F,SHA256=DF763BDC4348BBEA93375263BF88E0BCD1267C58FC0F6E994F6D778D302DDE85,IMPHASH=60EA58ED63BD25EC1709F72F112B0086trueMicrosoft WindowsValid 734700x800000000000000080984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=7BC54AA66588A3DF7B1448A4493C6663,SHA256=9CB1BA7C092164DAA14E21454606905E294D137AD72158F92A666077D7CF1946,IMPHASH=2DCB08A6E31A83C3EA33C5793EFA9A56trueMicrosoft WindowsValid 734700x800000000000000080983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=0D885953D657434CA5015545A364BDB9,SHA256=1D29921E136F84B4CA9F1EBD646CFFF4571EA805A6CC5BC1F7C7784CC3246088,IMPHASH=76F056ED62EDF4D48793D8C5EDA733ADtrueMicrosoft WindowsValid 734700x800000000000000080982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=7CAAFE27AECA4ED69CC960438C1B5757,SHA256=725B17A1DC08013337B50D4E0A6E332CC4C30F164383DF2ABBC735001C834F2C,IMPHASH=BFFFEC36C21D417AD54A3AB3D4E7EE22trueMicrosoft WindowsValid 10341000x800000000000000080981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=E1A1B98F2AD180FA2117A56D869E5830,SHA256=2D9711E9D549CCB441EF21F72F08FB4EACD5F2990193C6FFFC7E7AC92FA6E670,IMPHASH=1FCD5DF5B3D97346B0A828B1CFDB1ED1trueMicrosoft WindowsValid 734700x800000000000000080978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=2BDBEE1B42063F245AC86F54C236BC4E,SHA256=CD558E008DA76E171FC9B8CF87556353330D7B7BF593B5074E4FEB08BC14CFC6,IMPHASH=6FE75EB0A263DD16629B09AECE416B36trueMicrosoft WindowsValid 734700x800000000000000080977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=4BA1C50E6607AE70495B58874963B901,SHA256=72BBBB4145E058C3B12504AC0EC128CD44E282D40959D018192899276A2B9C69,IMPHASH=9F60CD6001B5CEA647B250DFF3B6F65AtrueMicrosoft WindowsValid 734700x800000000000000080976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=0FDEB9236FF287E329F2EF155BA8AE56,SHA256=5F0C2A29312C82D14B8B42D2B6AAFEB82EBAD20822B603FD162E6AAF39B06C95,IMPHASH=2D7046CEF5DEEA9D960D37CB0A98F146trueMicrosoft WindowsValid 734700x800000000000000080975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=F169BB178FFF9EF0E90CF23D07F1B57A,SHA256=1A28934762F0FB587D63FBCD755198F9E660D38F49A7C85C976EB8FF646F2B67,IMPHASH=25AC4D4B6BEA6260ADEE864A6D475575trueMicrosoft WindowsValid 734700x800000000000000080974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.709{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=203F58BA41B48A59D6A047E0233DB422,SHA256=4204F7C2B4E13AA3819A180FACA724435F6400FE97D2EF6C74634A0D7E51F7F3,IMPHASH=EA6E499F92F9040E9609EFDC47BE01FEtrueMicrosoft WindowsValid 734700x800000000000000080973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\winhttp.dll10.0.14393.4467 (rs1_release.210604-1844)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=F5FF215A5AE295644FE12BEAF6B75D00,SHA256=714EEB3B620CC9E368813728B1D247684519A3181211CDB5FCC37451F9BC2B96,IMPHASH=F90F73E985A4791F34FE3574D5616CACtrueMicrosoft WindowsValid 734700x800000000000000080972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=AF2A9437F3AED2E8254B7E1EB6E96782,SHA256=D8F3C957BDBD9DB510E71B07CDE1B446491D4DC520787548060B3AAD1324C62A,IMPHASH=5D2578ED274AAD83C30A3917C98404EEtrueMicrosoft WindowsValid 734700x800000000000000080971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=318804DFF282AE5C2FEF5577057CB913,SHA256=A65C5C3F38A793F0C59C1A4553940D6D236CE2BC3380898E865BF0E1F80FEE8C,IMPHASH=5D92B73B6930EFBC71A36B7FEF62DF62trueMicrosoft WindowsValid 734700x800000000000000080970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=CDD32AC585A458B6B2BC777FACF83BA4,SHA256=6A6D1362633319BA3E2D389A70827D0B5802C5EA9DD5CA723AEA6DBF65713426,IMPHASH=E698C8E2E06172CDB524686FF10A5C5EtrueMicrosoft WindowsValid 734700x800000000000000080969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=E9E209227AF7EFBFDAAA0B932251486D,SHA256=639DD063669F506790DA8C940E3BEBE4F7CF31668260F94CF5A67C93021D2BDF,IMPHASH=25AFDCBDCE8BEB6A7109D378495BE552trueMicrosoft WindowsValid 734700x800000000000000080968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\mshtml.dll11.00.14393.4467 (rs1_release.210604-1844)Microsoft (R) HTML ViewerInternet ExplorerMicrosoft CorporationMSHTML.DLLMD5=C6C25E7A5D01FD9147D482CD834999E4,SHA256=AB08074A7B8F0F23EF24CAF00654510E7F89F8B31E5F57A7E059ACFAB34F4C29,IMPHASH=C4387C261B588A5F35A1A681C1322E08trueMicrosoft WindowsValid 734700x800000000000000080967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=FD246A07CED3BC52C91E4CE7F149B814,SHA256=643D290491BB7D0137CAD77B3DB612D69A6EC7AFE9C411D438C3CA1769F1EECC,IMPHASH=9A9F70B5E6DDB8F96A677E91AE1F3A7DtrueMicrosoft WindowsValid 734700x800000000000000080966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=5E8336C79BE0C2F1080B575E434DD0E4,SHA256=FB7EB70237B5897F875CE8786C26E09F61120DB4A91376A65433EEDCFA634A11,IMPHASH=72645B79B3F36D7DD23879EC939355AEtrueMicrosoft WindowsValid 734700x800000000000000080965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=33E4F8ECEA33AC2AAB8C336A0C11AAA7,SHA256=EE44DEE528EB91D80BB3DE79DBDD7E135A51FD6EF2AF360B6DB8A3CB0C297D1B,IMPHASH=262CA12D79E6C3E8AF3B3D1DFFC16408trueMicrosoft WindowsValid 734700x800000000000000080964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=77D1E6B39B0A1A221E23209A8F10AE8C,SHA256=474B6C0D7F8D25F225DB55533706ED090DB77BCECB5926EBE5ED248B43748A45,IMPHASH=DB78A36AE0F862A9544AD9A5C272D7E5trueMicrosoft WindowsValid 734700x800000000000000080963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=E3851CE4A433475612CB0E1552A733E3,SHA256=F391BAA7AFF5734842737FC1B4C58856BA5E409A7B97C037995F0F26150A85FA,IMPHASH=6DF3E31673D2CCEDABFBE5A79390B72DtrueMicrosoft WindowsValid 734700x800000000000000080962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=F058FE3C5E3DEF875A654A18551D88E5,SHA256=78DC0394AA359DBD2EB8BE7F13FEDF0478C8AA55785712B358FAC1C97D051B87,IMPHASH=44F906D172B935DEA0C5D038C6FA8449trueMicrosoft WindowsValid 734700x800000000000000080961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=8E944CBA7B0993C79E9AFD7A98731F0A,SHA256=4C377F857E4ADF55949D88F4CC4A0B7A38268532284ECD1331C25F4C29E2EC71,IMPHASH=7E0E904C0FD68DBF5F794D700C0C3C3DtrueMicrosoft WindowsValid 734700x800000000000000080960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=294BC43051C27ADB96A957A6FB9448BE,SHA256=9564D3F69345F9883161007F2E26298FD377B023D1D46C0AAE9821B4B26A74B3,IMPHASH=B1175218A8304DF3BD6BF43A45EE8073trueMicrosoft WindowsValid 734700x800000000000000080959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=7B019DFD62509B244C4A11809F595C07,SHA256=2E879BBDC7C215041617FC599FCBA8C474F99E27B8333EA4DCA4854FE738F22D,IMPHASH=918DADABE6E41CFBB03F954A46D3F72EtrueMicrosoft WindowsValid 734700x800000000000000080958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=3D4308BAC53B881B16D9BD1006ABDC65,SHA256=26DF85FC22F9FCAA2212CB66612FE8F5CC6382953FE81B9C34128E43080C7891,IMPHASH=C7D6B46400E43E7BE538D1CCB512EC25trueMicrosoft WindowsValid 734700x800000000000000080957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecurity.dllMD5=580643DD40890B231399EA5F57EFAA70,SHA256=0B374B1825ABFF7B26170E75F1B638DF08A15B07660A7DF5533F02853CF266C6,IMPHASH=AC11100B3FFA7FCAFA188E618E4C7CC1trueMicrosoft WindowsValid 734700x800000000000000080956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=990CA13B9FE19A5A611F77B333BC9AAD,SHA256=EC3960CAABA4FC0287601311BDCC14D472A165DA7C43F88665D984CE1A0B7DE4,IMPHASH=EED74FF36259DAC3FFC7675209FEED89trueMicrosoft WindowsValid 734700x800000000000000080955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=3394E4EEB4851D80DD7548EC87EAEA5F,SHA256=7F670ACCE58EAADE796FEF335B4EAEAB66DFC47875219B9BE3C9B405A452450B,IMPHASH=C3B61C1F5D46A607D624033E7094E4FFtrueMicrosoft WindowsValid 734700x800000000000000080954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=F3B7F231407DD207CABC94C9347984AC,SHA256=053A1D95EEB426416278D2AD7D584FDD984A8B445CC88B46785AB8666383FB0B,IMPHASH=B5CBF1B1B5086E2C500FD84325E04D44trueMicrosoft WindowsValid 734700x800000000000000080953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A1EDD29F959E38F8AE4AF9B5CDD2B534,SHA256=CE5ECDC3BEFA2DC8C826A697EAC6CDAC12753258315701130CDEDB19D24DBC75,IMPHASH=8B861EA72FDD6FC722328B2746B13380trueMicrosoft WindowsValid 734700x800000000000000080952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=E3B7B5531159A395AC63B7EA256FE7B6,SHA256=B631E93E271E706E0204B606D7851ADF7E65FCA04ACDD73103F0754A9C01007E,IMPHASH=6E1D0A92C1917EFBFC1EEA82FA5E155FtrueMicrosoft WindowsValid 734700x800000000000000080951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=E0C87CF8838DB8C6DBD24A708FCED51B,SHA256=0616E630C7F8E116CE43390638C9CE99209556662C2BBDF5845F1CD03E1C6C4E,IMPHASH=EAF4CC449835E7A81A8EEFEBEB2E8FC7trueMicrosoft WindowsValid 734700x800000000000000080950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\wow64cpu.dll10.0.14393.3503 (rs1_release.200131-0410)AMD64 Wow64 CPU Microsoft® Windows® Operating SystemMicrosoft Corporationwow64cpu.dllMD5=C1F2078639481364EA3FDD10CBEB1A18,SHA256=B63E6DC0B3D7ABA9CB95929A1A360208A570CB2072474276F649B68F1AC8DC82,IMPHASH=15CD876FB3F6EC97A2F7466360415F86trueMicrosoft WindowsValid 734700x800000000000000080949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000080948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=E0C87CF8838DB8C6DBD24A708FCED51B,SHA256=0616E630C7F8E116CE43390638C9CE99209556662C2BBDF5845F1CD03E1C6C4E,IMPHASH=EAF4CC449835E7A81A8EEFEBEB2E8FC7trueMicrosoft WindowsValid 734700x800000000000000080946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\wow64win.dll10.0.14393.3383 (rs1_release.191125-1816)Wow64 Console and Win32 API LoggingMicrosoft® Windows® Operating SystemMicrosoft Corporationwow64lg2.dllMD5=62DEBA17D0A26B352F1C3F02144BC6EA,SHA256=5A1C08FE318942CB31048DBD641E25610DE842E34470B3E54FEDCA4E2642D4E0,IMPHASH=3045357B61B63AEF6CBCD96F2FA7E9D8trueMicrosoft WindowsValid 734700x800000000000000080944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.693{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\wow64.dll10.0.14393.3503 (rs1_release.200131-0410)Win32 Emulation on NT64Microsoft® Windows® Operating SystemMicrosoft Corporationwow64.dllMD5=447615F19DAAFF9C308370C59F493BF8,SHA256=45ED2009CEEB249BBF518B958AF02B97E667DB68C9B6D65642E69E9B0300CF5D,IMPHASH=03B9E38A9E88FDC66380837CCC8647FAtrueMicrosoft WindowsValid 734700x800000000000000080943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.678{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=57015A39A73789DC7171F4F6B211AC32,SHA256=3ED6D5A7095A141DCF234926EE0274FDA627C2829607DCE0F7604B7C683067E9,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.678{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.678{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\mshta.exe11.00.14393.2007 (rs1_release.171231-1800)Microsoft (R) HTML Application hostInternet ExplorerMicrosoft CorporationMSHTA.EXEMD5=A65AE0DB1DAA6B07C89DCC1E21D3EB42,SHA256=5B6429B98ADF532E6F694C9A6CD1A1943B4AA3D5EA524D4FB353939FD9C61342,IMPHASH=79925B1930721457F5E11BF877806843trueMicrosoft WindowsValid 10341000x800000000000000080940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.678{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.678{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.678{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.678{8057F119-21B7-60EC-3B07-00000000DB01}55124040C:\Windows\system32\csrss.exe{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.678{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.678{8057F119-3169-60EC-590A-00000000DB01}88329972C:\Windows\system32\mmc.exe{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+5fc62|C:\Windows\System32\KERNELBASE.dll+5f7f6|C:\Windows\System32\KERNEL32.DLL+608d6|C:\Temp\test.dll+1081|C:\Temp\test.dll+134f|C:\Windows\SYSTEM32\ntdll.dll+1859f|C:\Windows\SYSTEM32\ntdll.dll+71d1e|C:\Windows\SYSTEM32\ntdll.dll+71b6b|C:\Windows\SYSTEM32\ntdll.dll+2d7dd|C:\Windows\SYSTEM32\ntdll.dll+18b4d|C:\Windows\SYSTEM32\ntdll.dll+1512d|C:\Windows\SYSTEM32\ntdll.dll+11c4c|C:\Windows\System32\KERNELBASE.dll+25b2f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+a8937|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+a868b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+525ab3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+525eff|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+5289ad|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+4f2242|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+4258c9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+13e9a7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+13916f 154100x800000000000000080934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.685{8057F119-3169-60EC-5A0A-00000000DB01}9296C:\Windows\SysWOW64\mshta.exe11.00.14393.2007 (rs1_release.171231-1800)Microsoft (R) HTML Application hostInternet ExplorerMicrosoft CorporationMSHTA.EXEC:\Windows\SysWOW64\mshta.exe C:\Users\Public\EVIL.htaC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3168-60EC-55AB-890000000000}0x89ab553HighMD5=A65AE0DB1DAA6B07C89DCC1E21D3EB42,SHA256=5B6429B98ADF532E6F694C9A6CD1A1943B4AA3D5EA524D4FB353939FD9C61342,IMPHASH=79925B1930721457F5E11BF877806843{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exemmc gpedit.msc 734700x800000000000000080933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.678{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\vcruntime140.dll14.28.29913.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=ADE7AAC069131F54E4294F722C17A412,SHA256=92D50F7C4055718812CD3D823AA2821D6718EB55D2AB2BAC55C2E47260C25A76,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x800000000000000080932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.678{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Temp\test.dll-----MD5=BAD072DD3BD7B46B8C7BD7D27569D9D5,SHA256=25EC6A50C36ED42C4AEC92B0DAD67F49DD39ED10C9048185AD72F2FE4816E5C8,IMPHASH=3DA185B95597422D5F87D0C5E8C33CC7false-Unavailable 734700x800000000000000080931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.678{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\ucrtbase_clr0400.dll14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationucrtbase_clr0400.dllMD5=F8F171BE1820544E15B555847005355C,SHA256=CDDF9A2BF085AE59BA464B3BA6394AACFC342DA5F17D77FD5306054C8AABF153,IMPHASH=0524DC27AA10ADA72FFB6F88F5FD8829trueMicrosoft CorporationValid 734700x800000000000000080930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.662{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\vcruntime140_clr0400.dll14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140_clr0400.dllMD5=63936588122BDEE9624D02CE3F8F54EA,SHA256=21F7E6165CE8DD92DB8CDF48CEE83DE64B2B0807B7B499CF87678B70C6F8C32F,IMPHASH=CD244BF7A749BF0B13E038D2EE842BFCtrueMicrosoft CorporationValid 734700x800000000000000080929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.662{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll4.8.4380.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Common Language Runtime - WorkStationMicrosoft® .NET FrameworkMicrosoft Corporationclr.dllMD5=70694DB5ADC4C766A3572886DE86A9C8,SHA256=C81FD948E0CFF4961674B068D157DBB196328348202C1CC3BD08C1E4D1203036,IMPHASH=6851068577998FF473E5933122867348trueMicrosoft CorporationValid 734700x800000000000000080928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.662{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll4.8.4180.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Execution EngineMicrosoft® .NET FrameworkMicrosoft Corporationmscoreei.dllMD5=899A8B655E52A061B33571D97C5C06ED,SHA256=DE05B03E37FB9BA5D74CF8FA36A6F0B15AB61705285B738BC90D14FDE580A45E,IMPHASH=005299FA213F652A596AC31760C5340BtrueMicrosoft CorporationValid 734700x800000000000000080927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.662{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\mscoree.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft .NET Runtime Execution EngineMicrosoft® Windows® Operating SystemMicrosoft Corporationmscoree.dllMD5=5ECE402D7E12EC3750D044BF3D878DF6,SHA256=3F02B1AE7B61BC36B04EA2B82ED79F112219F4E9668518030FF14B005E2C9BBC,IMPHASH=12E8F895FFFE1065F24D148EC1ED3096trueMicrosoft WindowsValid 734700x800000000000000080926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.662{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\MSWB7.dll10.0.14393.2791 (rs1_release.190205-1511)MSWB7 DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSWB7.dllMD5=5C7C3EBF7A50560DE37B750F3BB0F2B2,SHA256=227474B4306F6FA4F4A7EC5DAE2E91104BA6A156E31BDAD4B82D2E5426A53729,IMPHASH=A39738A99E764D3F4E439E2498C99B04trueMicrosoft WindowsValid 734700x800000000000000080925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.647{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\AdmTmpl.dll10.0.14393.3986 (rs1_release.201002-1707)Administrative Templates ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationAdmTmpl.dllMD5=E1CF1CD067E3C0C53A0F2A1544524688,SHA256=0A1644529D587272E6FCE0257AE061F223BFB958618D76D7CC5F9EF66011803F,IMPHASH=D6275993A6AA40AF4EF7CB35C64D34A3trueMicrosoft WindowsValid 734700x800000000000000080924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.631{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\msi.dll5.0.14393.4350Windows InstallerWindows Installer - UnicodeMicrosoft Corporationmsi.dllMD5=DEC633243BDCEAD0E3BDDDAFBC933F02,SHA256=FC9AFA9CDD6ECC1194C1532F37AF6FEE9E888DC5D2056BCE0C59538A389FC9DE,IMPHASH=702DDC1509DE604C8D612A66E9E39DACtrueMicrosoft WindowsValid 734700x800000000000000080923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.609{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\gpprefbr.dll10.0.14393.4169 (rs1_release.210107-1130)Group Policy Preference BrowserMicrosoft® Windows® Operating SystemMicrosoft CorporationpmbrowserMD5=C6F7D269250C984166912CE18E1E7083,SHA256=CFF659257BB3B45AABBB11D5D9930FB83EF30CDB168F1DFFCD226AFEE335C258,IMPHASH=B95C208D652CA4ABD1753B600C50E7D3trueMicrosoft WindowsValid 23542300x800000000000000080922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.594{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=23E2963A1DEC494C9F7D8CDCD74AAF55,SHA256=793AE4C22ED92B13494E82E02F5E28D754B3044EE3B0F8EAD610B706FACAA81A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.594{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\gppref.dll10.0.14393.4169 (rs1_release.210107-1130)Group Policy PreferenceMicrosoft® Windows® Operating SystemMicrosoft CorporationgpprefMD5=FEBB503E16009EF67E2B39B076AFAB19,SHA256=2C8B648BF4325C9E5A46DBC9075E2BD37A6E649153E7F97E42B1518B5F0B8CF0,IMPHASH=B574852D0C9D30D215A9F05463D02F7BtrueMicrosoft WindowsValid 23542300x800000000000000080920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.594{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=2D0961CE9FBE758674A6397F5046F1A0,SHA256=2D7F8FEFA83AEE8BFA5813B9672677B002ACCDC59EC09E7883AA95326656442A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.578{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=51A0208B106B4392AC4B3174B27A39EF,SHA256=EA9955976994C44DC091A07C69E9C863A4D5A960900019D3C4136BDFD1F885D4,IMPHASH=334E5331674424695F9872596E2677C7trueMicrosoft WindowsValid 734700x800000000000000080918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.578{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\srpapi.dll10.0.14393.4350 (rs1_release.210407-2154)SRP APIs DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsrpapi.dllMD5=6EE744B7052F6DE1C9870F9C97FDB42F,SHA256=6FE549AAB3A751D32F4FE7A1492BE85B4FD4AD718A9561CBAB6E82B97BCFDD40,IMPHASH=8C07B81A4B319D612B954B42DF3C1D74trueMicrosoft WindowsValid 23542300x800000000000000080917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.578{8057F119-1972-60EC-FB05-00000000DB01}4904ATTACKRANGE\AdministratorC:\Windows\system32\taskhostw.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\DID55GTF\views[1]MD5=A726593A8261930E4786375106FC6BFE,SHA256=E6BFDFBB9A0649EA9D38DE4255C355C581097E6A1035A54943260B22AD45F172,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.578{8057F119-3169-60EC-590A-00000000DB01}8832ATTACKRANGE\AdministratorC:\Windows\system32\mmc.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\NVCWY13N\views[1]MD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.563{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\wininet.dll11.00.14393.4467 (rs1_release.210604-1844)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=2155253CEE186286631247CCF3C7D138,SHA256=AA97CAF5AE292D467421116F9DB4A84008A6ED868F1ADDBE06585BF3FCCEB476,IMPHASH=B3ABC7D59C2B1ACAEECA63C53B0AAC4BtrueMicrosoft WindowsValid 734700x800000000000000080914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.563{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\mshtml.dll11.00.14393.4467 (rs1_release.210604-1844)Microsoft (R) HTML ViewerInternet ExplorerMicrosoft CorporationMSHTML.DLLMD5=E5259F73A504669357CF435C9044FA5E,SHA256=3E84BDF133912A296FBC842A9103452F27C05785D77E145329BFB9B3F5B5A7F1,IMPHASH=CBEE0B2314A44C19D7D26951C39F11F6trueMicrosoft WindowsValid 734700x800000000000000080913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.547{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\sxs.dll10.0.14393.4169 (rs1_release.210107-1130)Fusion 2.5Microsoft® Windows® Operating SystemMicrosoft CorporationSXS.DLLMD5=54FB18CA661D074CBB60D5A58D40C8D3,SHA256=A2BD6160222A216F8A6830C1273662F8AE88F53D2CE6DA5893FF70D146A0A2B0,IMPHASH=FED414075FF3F23F21C898B1860393B4trueMicrosoft WindowsValid 734700x800000000000000080912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.547{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000080911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.547{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\winhttp.dll10.0.14393.4467 (rs1_release.210604-1844)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=8893BE5829B2F909E7FC4AF4C43B54F9,SHA256=C1D791C72417FD001E2A5FE441717881D43428A931724E7FD2DCCE6C83699458,IMPHASH=F1FC6BF3699C289EBAF914A7771E49CDtrueMicrosoft WindowsValid 734700x800000000000000080910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.531{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000080909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.531{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000080908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.531{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\ieframe.dll11.00.14393.4467 (rs1_release.210604-1844)Internet BrowserInternet ExplorerMicrosoft CorporationIEFRAME.DLLMD5=13F327C8FBD3F269304BB84DE36474A9,SHA256=81560FD91B1DAB5329E68F6E43F16DA7FC9E0296D16EF8F234A6AD0D4BEA62AA,IMPHASH=C88C7ABCCBE2D1CE9D711B5FBA02EA04trueMicrosoft WindowsValid 23542300x800000000000000080907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.494{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=52679D7FA465AAE1993C67324F76520B,SHA256=BEB98E28660F79FA7A6463CD4998DBA7283072350A490B8862F2B0F65871331A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.494{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7D635C998E4A2F02A8105AB62376FD5E,SHA256=87E27CDB3E980BE3C10B6784974A005AFD159E9D50383D0106C4FF852F719494,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.410{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\atlthunk.dll10.0.14393.2969 (rs1_release.190503-1820)atlthunk.dllMicrosoft® Windows® Operating SystemMicrosoft Corporationatlthunk.dllMD5=BECA5E9FA540246333036919A57B7AEF,SHA256=62C24B274B38A88C83EE122CB30142C2135953C1A26582AD003512B238CB7FC9,IMPHASH=E86BAF1A171668A11110B8975A3BDE27trueMicrosoft WindowsValid 734700x800000000000000080904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.363{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19,IMPHASH=52DACB9FFE8B422785C607A5B88982C7trueMicrosoft WindowsValid 734700x800000000000000080903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.363{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223,IMPHASH=83736A76214A92F5C1B53248D0C22863trueMicrosoft WindowsValid 734700x800000000000000080902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.363{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6E,IMPHASH=9651C547656809410E78B358203C1A1DtrueMicrosoft WindowsValid 734700x800000000000000080901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.363{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2,IMPHASH=460DAE5CA92CB705C37D78BE630D6120trueMicrosoft WindowsValid 734700x800000000000000080900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.363{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\DataExchange.dll10.0.14393.4169 (rs1_release.210107-1130)Data exchangeMicrosoft® Windows® Operating SystemMicrosoft CorporationDataExchange.dllMD5=23F499FA8F8E02A8090FB78E80617BDD,SHA256=08C2E505F3765D98379BB88DC8AD5555AB680A691054933FCA1A2CFCDFA42F51,IMPHASH=05056B92E29CCE6F97F9C6674AE080C0trueMicrosoft WindowsValid 734700x800000000000000080899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.347{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\mlang.dll10.0.14393.4169 (rs1_release.210107-1130)Multi Language Support DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMLANG.DLLMD5=1DB944C25F1B1D7105543E61F1CC5E2F,SHA256=EBA81052B0330151F8FE0FC95AFD2203D3869D67A05AD4E5D3FA8A69B48B4046,IMPHASH=563B6F147961D943E0261E05EAD94B56trueMicrosoft WindowsValid 734700x800000000000000080898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.347{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.2457_none_a13eaee9d8fd5c07\comctl32.dll5.82 (rs1_release_inmarket.180822-1743)Common Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMCTL32.DLLMD5=C89866876D676708892DEEA04A886CDA,SHA256=6C498F9AFFC75DFAADDACB9D1D4248862622FB2B06F0A410BA303A26FEADFF2B,IMPHASH=49FE37530A5C395ADDDAFC2730B16DDDtrueMicrosoft WindowsValid 734700x800000000000000080897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.331{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 23542300x800000000000000080896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.327{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FCE9CCEAEF82127CD0700A455EA1AAD,SHA256=A0B67CB04EBEA8C681E1D4A7C993A3574B2BE4E04F777E72592A691AEE5BD5AB,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.309{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\oleacc.dll7.2.14393.4169 (rs1_release.210107-1130)Active Accessibility Core ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEACC.DLLMD5=1B04659F0A22BFE9142B6AD36467ACEA,SHA256=67BC7C19D71FB98A7B5882B0F2BFC8F2E4491B4ACBE23EE545D54FFCAEC808E9,IMPHASH=427F18493D540CBF4092BD07A97BE51FtrueMicrosoft WindowsValid 734700x800000000000000080894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.309{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000080893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.294{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 734700x800000000000000080892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.294{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\polstore.dll10.0.14393.0 (rs1_release.160715-1616)Policy Storage dllMicrosoft® Windows® Operating SystemMicrosoft Corporationpolstore.dllMD5=AE6F98B3745A1EFEFBF3B7A8A3C3C53D,SHA256=C1D6274305D023AEB46EDD8981B873E53546648AE12053774C4278FB9BD1D011,IMPHASH=A0AC5A6530D0A76AD98B72F80717E27CtrueMicrosoft WindowsValid 734700x800000000000000080891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.294{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\ipsecsnp.dll10.0.14393.4169 (rs1_release.210107-1130)IP Security Policy Management Snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationIPSECSNP.DLLMD5=787CFB5A7CBEB7125E61B59081DFF212,SHA256=553B8503559AC164359EFFD2A966DE35C50F840F5D51EBE58108B5C388AD3932,IMPHASH=809DD47539EED08BC0A26132903E0004trueMicrosoft WindowsValid 734700x800000000000000080890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.279{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\mpr.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Multiple Provider Router DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmpr.dllMD5=0E56DB60C434D51769F2DAC48B9AA686,SHA256=3F9AED98B1B7F6A59C219F622FD91C7FD20BFE280935F5334920A02ECCAE7ED6,IMPHASH=46ADE2B067E724C7163A0B1902FEF225trueMicrosoft WindowsValid 734700x800000000000000080889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.279{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\dsuiext.dll10.0.14393.0 (rs1_release.160715-1616)Directory Service Common UIMicrosoft® Windows® Operating SystemMicrosoft Corporationdsuiext.dllMD5=FE6052C8CCDC9570E0A6535A0DA46BD9,SHA256=4D0AC8F3C5C258DFAF8DDF07A37B94ADE58E838EED5FA610FC13E957D98E4E79,IMPHASH=D81CA2AA793C8BAFCBCE288F63313BCBtrueMicrosoft WindowsValid 734700x800000000000000080888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.279{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\framedynos.dll10.0.14393.4169 (rs1_release.210107-1130)WMI SDK Provider FrameworkMicrosoft® Windows® Operating SystemMicrosoft Corporationframedyn.dllMD5=F5BCBB0713FF862975B07056D25E166E,SHA256=DBB3B6E35E0FEF5B878DE8C85AF578B51C1C2DB025865354E27394AEA87824B2,IMPHASH=AB84E6F170EE70C2F0F5C709A85E872CtrueMicrosoft WindowsValid 734700x800000000000000080887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.279{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\authz.dll10.0.14393.1737 (rs1_release_inmarket.170914-1249)Authorization FrameworkMicrosoft® Windows® Operating SystemMicrosoft Corporationauthz.dllMD5=6BAADF6A3E985DE5AB6FDA778E18F1A5,SHA256=8FD060B0F29A1FB23C3D1F389C22EC067247F1E457F331D2B15AE44323ECB8D0,IMPHASH=720B221BA6A01692F2370B4CCC197970trueMicrosoft WindowsValid 734700x800000000000000080886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.279{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\dssec.dll10.0.14393.0 (rs1_release.160715-1616)Directory Service Security UIMicrosoft® Windows® Operating SystemMicrosoft Corporationdssec.dllMD5=40D4AF43D521476F76C71CBBA609BD52,SHA256=56DE5022EC8C1CEB6203463F681E828D2D500BF066D1F3D617F5D1849FE99FFB,IMPHASH=02988505EDF42864EE719379A329CFC4trueMicrosoft WindowsValid 734700x800000000000000080885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.279{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\gpapi.dll10.0.14393.4467 (rs1_release.210604-1844)Group Policy Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationgpapi.dllMD5=96BBBC9AD606CF5EBAF525E3AB1C69A5,SHA256=32F0EA9185A6E1DE26E3276BAAB0FB5ED72940D34FE5FFDF5331D91E42794124,IMPHASH=54A7A105E11720BE50C587CF0CFA8828trueMicrosoft WindowsValid 734700x800000000000000080884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.263{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\gpedit.dll10.0.14393.3986 (rs1_release.201002-1707)GPEditMicrosoft® Windows® Operating SystemMicrosoft Corporationgpedit.dllMD5=2763BDA50EB812D28B97EFDE6C72A906,SHA256=1C50275E3A13A5C13DBAB322262C072CE26ED2F9276B8F572489E0914BD28C51,IMPHASH=4806C6DC2AD2917E93136CB79138A68CtrueMicrosoft WindowsValid 734700x800000000000000080883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.263{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\scecli.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Security Configuration Editor Client EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationscecliMD5=BAA89268BE81CC61434688AD2D9640FB,SHA256=CEA9666B3CDCC33B2338B80D0DB4FFA0B12A78A5436FC311D78A4E7914F6EE87,IMPHASH=E8ADB2FA4DE364A13AACC7A2AB0A7DC7trueMicrosoft WindowsValid 734700x800000000000000080882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.263{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x800000000000000080881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.263{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\wsecedit.dll10.0.14393.4225 (rs1_release.210127-1811)Security Configuration UI ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationWSecEdit.dllMD5=09E58C11C76F18E6710E3843C25CA3DD,SHA256=DC345CB26416422921B48185086FDB1545C3655CCAACE3DB9E9C571647DD8CCF,IMPHASH=7A899B1ACB52241546FFC5E0A7779E17trueMicrosoft WindowsValid 734700x800000000000000080880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.247{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8,IMPHASH=B53F82B33CA6ABD6251152A46E5FF78CtrueMicrosoft WindowsValid 734700x800000000000000080879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.247{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000080878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.247{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\aclui.dll10.0.14393.2515 (rs1_release_1.180830-1044)Security Descriptor EditorMicrosoft® Windows® Operating SystemMicrosoft Corporationaclui.dllMD5=90FD7D609825CE93CC663E37DDBA1CB5,SHA256=C1F84D5A7F171C7FB4986E4E647BFB78F7E9D7DDEFDCD92EA5CAAB77AA7E11A9,IMPHASH=9939EFA70C5D79987E10B21C80592DAFtrueMicrosoft WindowsValid 734700x800000000000000080877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.194{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\dsparse.dll10.0.14393.0 (rs1_release.160715-1616)Active Directory Domain Services APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdsparse.dllMD5=E9B5EFC173FDD55C00B2F28B8BAC144B,SHA256=0CA602484CD0E2C67091FCD60091608BF746B1D05B353DB9805D1CAE0ED09D70,IMPHASH=6FD21A38F62935B130604FF29AA3AFC5trueMicrosoft WindowsValid 734700x800000000000000080876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.194{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\CertEnroll.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft® Active Directory Certificate Services Enrollment ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationCertEnrollMD5=20ADB479CDAFBDFB60D8D6E0AD7D6588,SHA256=C1C86EE623A9BCA85CE4D6AD7DA9F75C18E62DA2341219FCF45A73FD0CF5123B,IMPHASH=4DD388EAD48B428D06DBB92F58C86A13trueMicrosoft WindowsValid 734700x800000000000000080875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.194{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000080874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.194{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\sppc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsppc.dllMD5=7CF84329545035CC0833119C7268A620,SHA256=49E3FA8B9F9ACB1A2CEDE37970361316C93286CEE7F70DE5985E7135498A4210,IMPHASH=BC4A2B9355432144727A5322381AB386trueMicrosoft WindowsValid 734700x800000000000000080873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.194{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000080872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.194{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\logoncli.dll10.0.14393.3808 (rs1_release.200707-2105)Net Logon Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationLOGONCLI.DLLMD5=B5C16F0A457DB3C7695AAC9EE7E3EE1E,SHA256=88764349C57E619C6D1253BB2F4AFB27DBD141E9EB9C12D445C20F7384A4F437,IMPHASH=FD7877EA3FC7D2EDCA1ADC932A5034BDtrueMicrosoft WindowsValid 734700x800000000000000080871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.194{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\slc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationslc.dllMD5=060E11DCB875D981E948073986E295DC,SHA256=30858EA58F24537CC3369091F92AD70C59877BDB1FDF8DEC7762A7AB72DDE885,IMPHASH=70AAA0F56F084D1AE09EB5CD51B268ECtrueMicrosoft WindowsValid 734700x800000000000000080870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.194{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000080869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.194{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000080868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.194{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\imagehlp.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT Image HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationIMAGEHLP.DLLMD5=E1C665DC0FD5A7423B0C0F5325A1027F,SHA256=8B84BE9335EF640ABAA8E8BBA45C6BC77F2251359D4BCC157235CB4BC107AE69,IMPHASH=C88C4D131D277C03F0879B4E0D5679DBtrueMicrosoft WindowsValid 734700x800000000000000080867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.178{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x800000000000000080866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.178{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=D8CD8451D1E194230F18866AD6EFE5E7,SHA256=9977AA1287962035C24DF806DDA67F09FFE9BDF696DBA507D749C624AE1C178D,IMPHASH=EC9695F0DF1F52E9D439A942DBDAA111trueMicrosoft WindowsValid 734700x800000000000000080865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.178{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\ntdsapi.dll10.0.14393.0 (rs1_release.160715-1616)Active Directory Domain Services APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntdsapi.dllMD5=01AD803D409DC3C6582A9C519EB4B014,SHA256=C5A0873EC1223A67CE5980BB62F176FDF2E61BB54081CE004F479629413F27AA,IMPHASH=F054B0981CD29F6A35E7C04E22CBC1FBtrueMicrosoft WindowsValid 734700x800000000000000080864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.178{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000080863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.178{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 23542300x800000000000000080862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.178{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=619BE1270214C281E7D2A7463FDA0681,SHA256=A49FFA4B138B5D2877A5DA2999BFD25A688E60755BE96670EF9CC9B18AEEC2FB,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\cryptui.dll10.0.14393.3321 (rs1_release.191016-1811)Microsoft Trust UI ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationCRYPTUI.DLLMD5=7BA8C29986BA103E2353D405DCCB87D7,SHA256=E9FFD440B5318D65AC2A38125CC417C8F34C6344CA8D9251A8ABE74D14C518B8,IMPHASH=62620EF249FFBE3A3FFFCF86ECC0E8AFtrueMicrosoft WindowsValid 734700x800000000000000080860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000080859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000080858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\dsrole.dll10.0.14393.0 (rs1_release.160715-1616)DS Setup Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationDSROLE.DLLMD5=2A319EC8DF0FB5C46CF311B9D2B65B1D,SHA256=62B8900EFDF4B30E54E11232A8DA95DBF066DAEFD364A66EB99ADC028A3798F7,IMPHASH=E4AC0A0BD42B7356347D6A1BE150F6A6trueMicrosoft WindowsValid 734700x800000000000000080857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000080856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\certca.dll10.0.14393.3053 (rs1_release_inmarket.190612-1836)Microsoft® Active Directory Certificate Services CAMicrosoft® Windows® Operating SystemMicrosoft CorporationCertCaMD5=8F23364460E12C9A157F88B9B4A86F2E,SHA256=51B5550668D6420C5DA988FEF83564DD9B4E911866EF4FC80748C8B219789F23,IMPHASH=2BEC012C7F0C624C5C5ADC500530215DtrueMicrosoft WindowsValid 734700x800000000000000080855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\certmgr.dll10.0.14393.4169 (rs1_release.210107-1130)Certificates snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationCertMgr.dllMD5=3DA0529210995B257F9ED33CB14A2FC3,SHA256=A3EBA3CB56A57EFA43E9C49194F2FD41B81481F88062959BDC4DC3520416A309,IMPHASH=5657D08561EA9D97B13FA4C28661EBEEtrueMicrosoft WindowsValid 734700x800000000000000080854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\wlangpui.dll10.0.14393.4169 (rs1_release.210107-1130)Wireless Network Policy Management Snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationWLANGPUI.DLLMD5=9E33E97A0FE466076D42D13F5635A478,SHA256=AEE7A26D0D10F949228D0C7D241CAC457663902B428AD30DDE594C56AADF77F4,IMPHASH=0D879D7637744E29F6C3E75CFEBC015EtrueMicrosoft WindowsValid 734700x800000000000000080853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\AuthFWGP.dll10.0.14393.2155 (rs1_release_1.180305-1842)Windows Firewall with Advanced Security Group Policy Editor ExtensionMicrosoft® Windows® Operating SystemMicrosoft Corporationauthfwgp.dllMD5=53317F9C457BEC2D5FF5B77DFFF77C50,SHA256=93C6ABF90D8A7E6502F85266BCCE9A27B2021ED02E0F64AFC6DA2F4591D15906,IMPHASH=92F2C0E6509696CC91467DCBAEDF933DtrueMicrosoft WindowsValid 734700x800000000000000080852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000080851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843,IMPHASH=EAA4328F5E33714FA08C71E4AAE43CC1trueMicrosoft WindowsValid 734700x800000000000000080850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4,IMPHASH=B6A1A16A2B5E910045E998CD7709E966trueMicrosoft WindowsValid 734700x800000000000000080849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\eappprxy.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft EAPHost Peer Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationeappprxy.dllMD5=8859948D74C0CE993BD9FA2D7C816A0E,SHA256=E48867AD309BFBE43E4A2F6B702EF19656E1F9E65FC9F0DF179539BAD6BF338D,IMPHASH=5E19174AE1E573CB6B03FB1013388E28trueMicrosoft WindowsValid 734700x800000000000000080848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\eappcfg.dll10.0.14393.4169 (rs1_release.210107-1130)Eap Peer ConfigMicrosoft® Windows® Operating SystemMicrosoft Corporationeappcfg.DLLMD5=98CEFA645EB1E49E520DE83C80756469,SHA256=5DDFB12A86D6B8C674859C3F52A3C720DB0D6C26486DFCC062D36BFFE9345473,IMPHASH=AE4E90B7ED47E5CD4A726EC6204EBECBtrueMicrosoft WindowsValid 734700x800000000000000080847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\l2gpstore.dll10.0.14393.1480 (rs1_release.170706-2004)Policy Storage dllMicrosoft® Windows® Operating SystemMicrosoft Corporationwlstore.dllMD5=52574FAC28BB308F127E4BBC4138EBD5,SHA256=517AF989E99F6870E33DE3EEE77F94C33D74B85D9A2C2540B018B096C61C2F89,IMPHASH=81EB696902002AA26A6111B6B9EFE08CtrueMicrosoft WindowsValid 734700x800000000000000080846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\onex.dll10.0.14393.4350 (rs1_release.210407-2154)IEEE 802.1X supplicant libraryMicrosoft® Windows® Operating SystemMicrosoft Corporationonex.dllMD5=B958F829E52F260087CB7209F7B99555,SHA256=1428C08B74CC2D0EF9E493187F1963E7B47898249EB158CABE908B82B771C409,IMPHASH=BCD01C70FCB0801784A8044932B1C44AtrueMicrosoft WindowsValid 734700x800000000000000080845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\atl.dll3.05.2284ATL Module for Windows XP (Unicode)Microsoft (R) Visual C++Microsoft CorporationATL.DLLMD5=C1B73181019C1E1F28F4161B5F198B7F,SHA256=C3678504437D23910C18D3680B05B4E819A2229BDD0E1E0567186C70D814560D,IMPHASH=5500EF6AAEED0FAA2DE0F3B65E67DE20trueMicrosoft WindowsValid 734700x800000000000000080844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000080843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\dot3gpui.dll10.0.14393.4169 (rs1_release.210107-1130)802.3 Network Policy Management Snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationDOT3GPUI.DLLMD5=3C8A654CE7001BF594728B1039ACC327,SHA256=E9924BC5DF7BD79D7CDD60035009265CAA7629C7CDB6E5AA120B5F327183FC3C,IMPHASH=1B83DE64ADAB18A05A2AD993260E56C0trueMicrosoft WindowsValid 734700x800000000000000080842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.163{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\apphelp.dll10.0.14393.4350 (rs1_release.210407-2154)Application Compatibility Client LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationApphelpMD5=92330FA0551BFFBB8C1C97E86F9A0264,SHA256=0F341AF375236EBF7047F6AE50F2834566F0D859F0F02B8A5FFD7F29C31B0117,IMPHASH=BF1AF19CCBABA6D54178C43BE36CD985trueMicrosoft WindowsValid 734700x800000000000000080841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.147{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\msxml6.dll6.30.14393.4467MSXML 6.0Microsoft XML Core ServicesMicrosoft CorporationMSXML6.dllMD5=ECF3F9FC612FED875FC8A10052F82CE3,SHA256=9A06876BCFF61CFBE46F80EC76A61E66D80D734607D9503B4162840DE2039F16,IMPHASH=A74F148CA887740D0E045C70ACC762EBtrueMicrosoft WindowsValid 734700x800000000000000080840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.147{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\mmcndmgr.dll10.0.14393.4169 (rs1_release.210107-1130)MMC Node Manager DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmmcndmgr.dllMD5=DDDF9C3B3B4CCFAAD35BA49B0864608F,SHA256=A8EE05699A2CE04D63D078C33A397ABE8D90AE6BC5F0156230620615B13A2F8B,IMPHASH=51AD9533DC3E1E0CFCFEECD129A51944trueMicrosoft WindowsValid 734700x800000000000000080839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.147{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 23542300x800000000000000080838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.147{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55E216685F57A0C5095901E60395F2B8,SHA256=324E4031A348447B65D2D366CEDE2E4069A503AB7CFFC756BD060EE1D6A8E5DE,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.147{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBF,IMPHASH=BB80FB0B79AB68B9AA174726B09C8CE9trueMicrosoft WindowsValid 734700x800000000000000080836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.147{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=A049DEB5236AA8711D70001353902238,SHA256=729E2332F4E65A745FC905AD5F3F17A2C034DD15BE74DBEF7D028ED712BCA1D2,IMPHASH=6654CFB1ED505987ABEF47C5C0E0D98AtrueMicrosoft WindowsValid 734700x800000000000000080835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000080834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000080833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000080832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000080831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000080830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 734700x800000000000000080829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 734700x800000000000000080828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\dui70.dll10.0.14393.4169 (rs1_release.210107-1130)Windows DirectUI EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationDUI70.DLLMD5=C3DC010AC7F5880CC7BE626566FC4130,SHA256=3ED6E9D0AF769B0BFBE94DFF4CC07A94A81271133FBB60C9EB02676C92FFB87E,IMPHASH=E76D3161885DD9D13E8514AFC7BF3853trueMicrosoft WindowsValid 734700x800000000000000080827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000080826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000080825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\duser.dll10.0.14393.0 (rs1_release.160715-1616)Windows DirectUser EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationDUser.DLLMD5=42D5E1F8641E9DCEE0D8751F6F7A8961,SHA256=9168110EF404BF179888AF4A0F02B2817F020BFB16351778F2DDD6915C92F190,IMPHASH=9134DC493583245CFD7E3B68926C19D0trueMicrosoft WindowsValid 734700x800000000000000080824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000080823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000080822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30E,IMPHASH=8F811B713271A0FEFA798FB95D523A8BtrueMicrosoft WindowsValid 734700x800000000000000080821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.131{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000080819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.130{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\odbc32.dll10.0.14393.3471 (rs1_release_1.191218-1729)ODBC Driver ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationodbc32.dllMD5=7BE20E672645485F6A3B2E34389344BA,SHA256=B6F6E06CACEE09FB6CC0ACF874477FC9094EA4C14A07FF59B228BDD23C7BF02A,IMPHASH=B6FE10FF835FBB8612CC749787B5472EtrueMicrosoft WindowsValid 734700x800000000000000080818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.130{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000080817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.130{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.130{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000080815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.130{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000080814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.129{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 23542300x800000000000000033504Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:21.202{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E29C7B00209B2C65EF38B652868C9997,SHA256=9C049289691B41DD78A532475D497D5F8BEFFB391AC7142E7166A9895BC433D7,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000080813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.129{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000080812Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.129{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\mmcbase.dll10.0.14393.4169 (rs1_release.210107-1130)MMC Base DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmmcbase.dllMD5=1C8D01FA2F46DA43580F66690E59F942,SHA256=24E48F93B6050D9DA4D1B93D07FCEA7F15AF8142BA8F4B8CFEF19FA670EB5B4E,IMPHASH=3A0957E0E673BE892DE6FEF53C3A2C7BtrueMicrosoft WindowsValid 734700x800000000000000080811Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.129{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000080810Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.129{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\mfc42u.dll6.06.8063.0MFCDLL Shared Library - Retail VersionMicrosoft (R) Visual C++Microsoft CorporationMFC42.DLLMD5=DD361EE0A665F41783E02CEA20285E61,SHA256=457BF44CC1BE99FD74983178AC34E83AEC2ED73DFEE9F9FC7F5F501AD8A6D03B,IMPHASH=5407FE666C5FCACC20F969C8CE05D993trueMicrosoft WindowsValid 734700x800000000000000080809Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.128{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000080808Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.128{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080807Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.128{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000080806Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.127{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000080805Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.127{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000080804Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.125{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080803Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.125{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080802Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080801Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exeC:\Windows\System32\mmc.exe10.0.14393.4169 (rs1_release.210107-1130)Microsoft Management ConsoleMicrosoft® Windows® Operating SystemMicrosoft Corporationmmc.exeMD5=495BFF5AE1B52661212BB65F1CFDA718,SHA256=A08EC9D2F811726BDCD71F7C5B40CDB543D092C11811A45180E569FE3F62124D,IMPHASH=ED5A55DAB5A02F29D6EE7E0015F91A9FtrueMicrosoft WindowsValid 10341000x800000000000000080800Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080799Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080798Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080797Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080796Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.123{8057F119-3169-60EC-590A-00000000DB01}8832C:\Windows\System32\mmc.exe10.0.14393.4169 (rs1_release.210107-1130)Microsoft Management ConsoleMicrosoft® Windows® Operating SystemMicrosoft Corporationmmc.exemmc gpedit.mscC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3168-60EC-55AB-890000000000}0x89ab553HighMD5=495BFF5AE1B52661212BB65F1CFDA718,SHA256=A08EC9D2F811726BDCD71F7C5B40CDB543D092C11811A45180E569FE3F62124D,IMPHASH=ED5A55DAB5A02F29D6EE7E0015F91A9F{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 13241300x800000000000000080795Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.localT1060,RunKeySetValue2021-07-12 12:11:21.109{00000000-0000-0000-0000-000000000000}5760C:\Windows\system32\reg.exeHKU\S-1-5-21-3966725549-2172964581-1758441464-500\Environment\COR_PROFILER_PATHC:\Temp\test.dll 734700x800000000000000080794Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000080793Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080792Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080791Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000080790Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000080789Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3168-60EC-540A-00000000DB01}62809720C:\Windows\system32\conhost.exe{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080788Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080787Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080786Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000080785Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080784Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000080783Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080782Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080781Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080780Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-21B7-60EC-3B07-00000000DB01}55124040C:\Windows\system32\csrss.exe{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080779Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.109{8057F119-3168-60EC-530A-00000000DB01}70763960C:\Windows\System32\cmd.exe{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080778Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.114{8057F119-3169-60EC-580A-00000000DB01}5760C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Environment" /v "COR_PROFILER_PATH" /t REG_SZ /d "C:\Temp\test.dll" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3168-60EC-55AB-890000000000}0x89ab553HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 13241300x800000000000000080777Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.localT1060,RunKeySetValue2021-07-12 12:11:21.094{00000000-0000-0000-0000-000000000000}8228C:\Windows\system32\reg.exeHKU\S-1-5-21-3966725549-2172964581-1758441464-500\Environment\COR_ENABLE_PROFILING1 734700x800000000000000080776Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{00000000-0000-0000-0000-000000000000}8228C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000080775Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{00000000-0000-0000-0000-000000000000}8228C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080774Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-570A-00000000DB01}8228C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080773Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-570A-00000000DB01}8228C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000080772Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-570A-00000000DB01}8228C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000080771Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3168-60EC-540A-00000000DB01}62809720C:\Windows\system32\conhost.exe{8057F119-3169-60EC-570A-00000000DB01}8228C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080770Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-570A-00000000DB01}8228C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080769Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-570A-00000000DB01}8228C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000080768Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080767Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-570A-00000000DB01}8228C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000080766Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080765Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-570A-00000000DB01}8228C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000080764Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080763Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080762Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-3169-60EC-570A-00000000DB01}8228C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080761Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3168-60EC-530A-00000000DB01}70763960C:\Windows\System32\cmd.exe{8057F119-3169-60EC-570A-00000000DB01}8228C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080760Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.103{8057F119-3169-60EC-570A-00000000DB01}8228C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Environment" /v "COR_ENABLE_PROFILING" /t REG_SZ /d "1" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3168-60EC-55AB-890000000000}0x89ab553HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 13241300x800000000000000080759Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.localT1060,RunKeySetValue2021-07-12 12:11:21.094{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\system32\reg.exeHKU\S-1-5-21-3966725549-2172964581-1758441464-500\Environment\COR_PROFILER{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 734700x800000000000000080758Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000080757Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080756Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080755Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000080754Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000080753Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3168-60EC-540A-00000000DB01}62809720C:\Windows\system32\conhost.exe{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080752Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080751Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080750Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080749Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000080748Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080747Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080746Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.094{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080745Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080744Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080743Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-3168-60EC-530A-00000000DB01}70763960C:\Windows\System32\cmd.exe{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080742Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.093{8057F119-3169-60EC-560A-00000000DB01}5768C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Environment" /v "COR_PROFILER" /t REG_SZ /d "{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3168-60EC-55AB-890000000000}0x89ab553HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 13241300x800000000000000080741Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.localT1122SetValue2021-07-12 12:11:21.078{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\system32\reg.exeHKU\S-1-5-21-3966725549-2172964581-1758441464-500_Classes\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}\InprocServer32\(Default)C:\Temp\test.dll 734700x800000000000000080740Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000080739Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080738Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080737Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000080736Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000080735Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-3168-60EC-540A-00000000DB01}62809720C:\Windows\system32\conhost.exe{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080734Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000080733Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000080732Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000080731Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000080730Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080729Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.078{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080728Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.062{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080727Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.062{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080726Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.062{8057F119-21B7-60EC-3B07-00000000DB01}55124040C:\Windows\system32\csrss.exe{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080725Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.062{8057F119-3168-60EC-530A-00000000DB01}70763960C:\Windows\System32\cmd.exe{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000080724Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.075{8057F119-3169-60EC-550A-00000000DB01}9304C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Software\Classes\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}\InprocServer32" /ve /t REG_EXPAND_SZ /d "C:\Temp\test.dll" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3168-60EC-55AB-890000000000}0x89ab553HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 734700x800000000000000080723Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.062{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000080722Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.062{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000080721Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.062{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000080720Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.062{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exeC:\Windows\System32\cmdext.dll10.0.14393.0 (rs1_release.160715-1616)cmd.exe Extension DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCmdExt.DLLMD5=71B9AD2C078C208ED1633DE7DDAA834F,SHA256=44A35F3F5561E722EA1ED9A128BFF127E6086B114678774BC674BC717DD779B4,IMPHASH=03503926F7A6CC110815DF46C0AEFD5FtrueMicrosoft WindowsValid 734700x800000000000000080719Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.062{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 23542300x800000000000000080718Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.062{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=560039D70C926A16459E756718A82781,SHA256=1DC5C128FD0D5A6B8437DDA151A71695C0ADFFD4E29278F56C770632C756AF7F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080717Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.047{8057F119-21BD-60EC-4B07-00000000DB01}58803300C:\Windows\Explorer.EXE{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080716Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.047{8057F119-21BD-60EC-4B07-00000000DB01}58803300C:\Windows\Explorer.EXE{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080715Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.047{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080714Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.047{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080713Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.026{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 10341000x800000000000000080712Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.009{8057F119-21BD-60EC-4B07-00000000DB01}58809928C:\Windows\Explorer.EXE{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080711Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.009{8057F119-21BD-60EC-4B07-00000000DB01}58809928C:\Windows\Explorer.EXE{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080710Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:21.009{8057F119-21BD-60EC-4B07-00000000DB01}58809928C:\Windows\Explorer.EXE{8057F119-3168-60EC-530A-00000000DB01}7076C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080709Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.994{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000080708Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:20.994{8057F119-3168-60EC-540A-00000000DB01}6280C:\Windows\System32\conhost.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 23542300x800000000000000081023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:22.693{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=52679D7FA465AAE1993C67324F76520B,SHA256=BEB98E28660F79FA7A6463CD4998DBA7283072350A490B8862F2B0F65871331A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:22.293{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC3EE27551772C974C18C45982C9FCE4,SHA256=C0402A2F846A58172C947B3F5ABE9CD7E88F5AC6F5FB2BEF9B97D086AD161145,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033505Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:22.217{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2C6348313E76F94D0F329082264819C,SHA256=C3AF8498DF0E35E4E3E0FA824FD02FC03CD6558B34DEC0EFA4939A49EF7F20A4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:22.185{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63484-false10.0.1.12-8000- 23542300x800000000000000081025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:23.308{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=314468277D07C5FCB12EFD79B686F8F5,SHA256=769CD24998CC5B108FA891165592A1C85F69B66E37AAD1160EC4DE436659EF12,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033521Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.655{50946567-316B-60EC-6005-00000000DC01}29521152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033520Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.483{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-316B-60EC-6005-00000000DC01}2952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033519Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.483{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033518Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.483{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033517Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.483{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033516Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.483{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033515Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.483{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033514Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.483{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033513Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.483{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033512Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.483{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033511Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.483{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033510Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.483{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-316B-60EC-6005-00000000DC01}2952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033509Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.483{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-316B-60EC-6005-00000000DC01}2952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033508Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.484{50946567-316B-60EC-6005-00000000DC01}2952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033507Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.452{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=B24537B80E10FA383724F038B6DEE101,SHA256=B18CBBC6469278975C8174EF831161AE7E13F6E6F0BCAD08BFFE32E6FCD46D0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033506Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:23.233{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58650DBD42F65705474BB313F2FF06A2,SHA256=D655E8EF2FA3A91CA334B77E0EC455C28B0697834E7E73FA58D2052392579895,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:23.045{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=282B32F7309CA46239F7B5178B5BAC53,SHA256=8AC6E87832A93C2B6E7BD79E09F4A5E69854F7784B6C83E0C919056BC961A650,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033552Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.983{50946567-316C-60EC-6205-00000000DC01}3504916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000033551Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:22.550{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51664-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000033550Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.827{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-316C-60EC-6205-00000000DC01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033549Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.827{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033548Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.827{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033547Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.827{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033546Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.827{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033545Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.827{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033544Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.827{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033543Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.827{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033542Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.827{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033541Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.827{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033540Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.827{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-316C-60EC-6205-00000000DC01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033539Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.827{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-316C-60EC-6205-00000000DC01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033538Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.828{50946567-316C-60EC-6205-00000000DC01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033537Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.514{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=72C222659F3BE91B7D3D52E0EA10CDFA,SHA256=29D3DD2D50302FE2AFB7DAE48A727FAAC5E7731886DB8229E3107F81631AAD2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033536Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.514{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4EB2CB6B534157F97B9715D05A914EF9,SHA256=78042114F5570FAA493583E2610C1EF011033B7CF509822537D400AC900790D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033535Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.311{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79A92E42C28775CB1DDFDC696991B13C,SHA256=19F2ED5A806D262F9071FA3A9E81FF9E868AFB0F92A1585A6F7DF2F51D99C9C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:24.328{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B69D8785AB86B61FF10AD665C856C57,SHA256=8E949660DAF8699884CC4B049AE6DEADD43B81E22428A11DAE3E35B990061D01,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033534Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.155{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-316C-60EC-6105-00000000DC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033533Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.155{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033532Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.155{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033531Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.155{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033530Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.155{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033529Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.155{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033528Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.155{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033527Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.155{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033526Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.155{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033525Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.155{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033524Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.155{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-316C-60EC-6105-00000000DC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033523Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.155{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-316C-60EC-6105-00000000DC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033522Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:24.156{50946567-316C-60EC-6105-00000000DC01}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000081029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:25.344{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1CF22CBDC330470BC08C9C8C04447014,SHA256=A80B2930ABE273335B65FD645F90803ABB316CFCA8A06D3B5337B781509F8BD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033568Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.889{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=72C222659F3BE91B7D3D52E0EA10CDFA,SHA256=29D3DD2D50302FE2AFB7DAE48A727FAAC5E7731886DB8229E3107F81631AAD2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033567Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.717{50946567-316D-60EC-6305-00000000DC01}2980912C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033566Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-316D-60EC-6305-00000000DC01}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033565Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033564Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033563Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033562Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033561Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033560Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033559Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033558Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033557Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033556Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-316D-60EC-6305-00000000DC01}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033555Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-316D-60EC-6305-00000000DC01}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033554Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.499{50946567-316D-60EC-6305-00000000DC01}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033553Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.342{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A1E31E199BAC2566F494D0CFDBDFD9A,SHA256=57211027E1802099DFD60997FF5BC5FB82EDC90E2B93B91A16EC3D4069BDF364,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:25.226{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033582Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:26.655{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1C7848E856C12672378433133127B3E,SHA256=63E8A1E1CC6D2D33E9DABCC72A967F8E86805EB5CBB72E288E78D2D505CEF7C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:26.827{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=063202E9DD92DEFF5A680ECAAE0ECA3E,SHA256=AC86D4EA80E370BB3FB570D15613BCA85E7ADC1E54C32E6DCD9DD3FBCCF53C63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:26.827{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=CEE47201A125FA7F023290A36F866C45,SHA256=A9E484A97E7FA1A91D6D3DE611BB4903AE52F3675E3F2E18C615759112302D73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:26.827{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=C669CFFDB12E512445214E46A659159F,SHA256=14040218A98D65DE50151F143897229A61223AEF68CD95E8F9578557B21A1E47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:26.827{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5D63FE66B074AB36C2487F030A554346,SHA256=11F1FD686CD06FFCB1E20AEA9AB723615A794CD598968CB61E7CD45A44007815,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:26.827{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=6FEDA1A4366053D5DFC8F03059B3C1AA,SHA256=D58CFFA6B5E57602965D04CAEAC1A264E2DAB0107DEFD6D81F1B9D1E305D47F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:26.827{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=203A38470B33FDA0540C7189374565D2,SHA256=4ADFDB4736742BD36A85D252E6A9DF89E606CAB0B01E82CED65A116A32247002,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:26.827{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=4580CB991E03A593474DB1D82C26C72A,SHA256=271549EE53659D833FE6DB13D7B33FFD03999F59CF8C1163F281C2A52ED8C99A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:26.826{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=2411901A6122F5E5EADD51F3B1B7FC84,SHA256=91AB342595F67EDFAF52E708A898FCB5D6940193FAC14E43105B312C9042F90E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:26.825{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=F7F1CE9E4AEF690B4146E9BFE99218B0,SHA256=1DEA229808AE4D9600F74E90E8D4D918BF05FE3FE83A01B1D81A31BA7A52F87E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:26.823{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5DAFAB4A9D0EAB78582264C1358F668A,SHA256=ADEE47B3AF1109BAFAD9A2B53AF4E46EC20CDC9CF3402A07AB5E2C237AC02F14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:26.822{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=48CCC22B12F02A3EE52D581B0130139B,SHA256=1F761FA4AFD0AF020ADE642D2DC8660D118B55DAE9D5416255C57D028ADC501C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:26.358{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2008F5AEDE37E8842375519E55C6BD75,SHA256=7D6201077D405EFA6CF9E15192C50F38F8C9A72F557D441392A66A598D1AD30C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033581Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.999{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-316E-60EC-6405-00000000DC01}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033580Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.999{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033579Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.999{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033578Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.999{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033577Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.999{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033576Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.999{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033575Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.999{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033574Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.999{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033573Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.999{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033572Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.999{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033571Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.999{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-316E-60EC-6405-00000000DC01}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033570Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:25.999{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-316E-60EC-6405-00000000DC01}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033569Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:26.000{50946567-316E-60EC-6405-00000000DC01}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033584Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:27.702{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1ACF85BA063EA188053E4E0ADC490009,SHA256=AE3DAFD51483192AEB03BBBD50326DA6119056271E48B0CA86E78A7AD1BDBA0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:27.374{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E524C690517D460F925D3132BB029BCA,SHA256=5998D1329D0E0B26521BE0A41D213BF466F279883D600A41EF32D66141DD362F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033583Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:27.014{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=953D43D3E12A41A421C48DB87E809E68,SHA256=61837AD1C7C1C6ED283252E8EC9C74E3328374C6FF8896492D77A313FFB18DB5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:25.344{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63485-false10.0.1.12-8089- 10341000x800000000000000033611Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.952{50946567-3170-60EC-6605-00000000DC01}17402536C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:28.389{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99D153B78E45F2A00E5D8110AC17616B,SHA256=283CAA84CC101125088760ECC0DD5108BBF0DB670FC4E69C7AC35D853C0FE3E8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033610Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.764{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3170-60EC-6605-00000000DC01}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033609Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.764{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033608Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.764{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033607Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.764{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033606Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.764{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033605Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.764{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033604Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.764{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033603Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.764{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033602Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.764{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033601Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.764{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033600Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.764{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-3170-60EC-6605-00000000DC01}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033599Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.764{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3170-60EC-6605-00000000DC01}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033598Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.765{50946567-3170-60EC-6605-00000000DC01}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000033597Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.264{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3170-60EC-6505-00000000DC01}1600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033596Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.264{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033595Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.264{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033594Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.264{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033593Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.264{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033592Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.264{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033591Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.264{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033590Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.264{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033589Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.264{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033588Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.264{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033587Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.264{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-3170-60EC-6505-00000000DC01}1600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033586Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.264{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3170-60EC-6505-00000000DC01}1600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033585Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:28.265{50946567-3170-60EC-6505-00000000DC01}1600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000081046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:29.544{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-089C-60EC-0100-00000000DB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x800000000000000081045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:29.391{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29ABCBAF09CE89E50CF8A9C4735CF06B,SHA256=94661974AF769098F809AAB595127D92ED16B4EB385DA04314BA9B8B2577B2E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033613Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:29.280{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F9DD25911A859DFE93E8CCB170FD7DE,SHA256=D14D1E052F24EF949B0ECD1732F6E929EAE446BEBEFCCC7971A49B7A350094C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033612Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:29.046{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=178CC99E6D8A2B42D3E0E1E0A06C242F,SHA256=F8A463047DCCF79350CE5D800F35CE1A5FF515BB0988E51FD112A27CFFFB1D76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:30.559{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4231370525A4FF037E416B47A0606A61,SHA256=BB47D1B5F1E26B283CDE7100F8333538C8562D57D90CD53E4057C4C4F33BFAB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:30.559{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C833A4A477D7F8F73EAEC3BC3A930CA2,SHA256=B2570A938E3B06A1DB92130A4A1FD3451D527076EC3B3C02370C0268B3C97D7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:30.406{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8156939A29E03E3A62724C53B1E0B53D,SHA256=449AF52536FA680ED4023247E71E70446DFFBDC35BC4540AB5390D51D25CE993,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033615Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:30.186{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EAD42EA5E2A0D0EDA974ED6F4AF02B9,SHA256=B59F1CCA1C72685DE8C5E9ED52E3167FF8F2E61D1F71BCC2498412FB18A42D05,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:28.212{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63486-false10.0.1.12-8000- 354300x800000000000000033614Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:27.597{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51665-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033616Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:31.421{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A108A5C5C329DBA76986FBFDA8D56F94,SHA256=3A5CA4F3EFE0CFC816D831F38B8760FEF3AB118CF76C6DEBAC0D3834CBF448B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:31.425{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCD114A1C2B150DC4212582186A5BBF0,SHA256=42F9A1ED23F0A57374A94AC9BFCB64C00B04552F3B9FE72A257FF27A80C34D48,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:29.684{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63487-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 354300x800000000000000081051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:29.684{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63487-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 23542300x800000000000000033617Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:32.655{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C399056AD2DA34AD7CD46E250A9FE161,SHA256=58BC78A1F774A53C01BB810CA16B7F6B9CAF1B5857000C7CCAD2E8451FCD7387,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:32.427{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6087CC7E4E84156561275F6FDE1E409F,SHA256=DF133B7E38E1C67916C075705E82233FC1DEBEAE174DA09FEF554A4022E35EA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033618Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:33.847{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F90451BE7DB207DF90D032829A82D38,SHA256=614EE1733F04D0BCF5C7DB64F057B0F4F07914291ECC4EF9380FE9635AD62DBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:33.442{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BACA9AA9867D47394652FA9CFD128222,SHA256=E91D0AE8E485CD98114774E0E6C9AF1C5B80AA01A2DBBCF0B51071A9E5764798,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:34.473{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66EB8276B20271E5CCDB7AEEA644A3DD,SHA256=8389869FA9305E5766C0879020AC957A91095F9DCD67A1B2C12FBA5B4BD77DDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:35.474{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D42B9207534001C88F6F4BE2AF056EE1,SHA256=DBE3F954966C7A2CF533421740FC6D35BD6EC71AF7C8E495D786CDD0707FF107,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033619Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:35.082{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F48FB22E4482C2EE06DF04DF9290ECB5,SHA256=FF50CDF14AAF4E79D766C89295F859550E4FE66BD969FF5E6C4C6C572F0BA274,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033621Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:36.316{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D9E3A1163C7B836E5450AA472EABB1A,SHA256=E4060460EFA9F63DB9D01DA48C6B98B315C0B235597956866939818C3DAB64A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.973{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57CE46F2B8C92681FCAEAAB515DF7ABE,SHA256=DBD5998E3B0F161B8BB08410CCA8B1EDA3B353829272FB23391E8D892AC8093B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.604{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-0C00-00000000DB01}840C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.589{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:36.504{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D851D7F95750C83672349277FE9A4A08,SHA256=167BD5E34557CEA0435F8FF19F514822D154772E25775FA5025055553BC3FFE7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:34.197{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63488-false10.0.1.12-8000- 354300x800000000000000033620Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:33.492{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51666-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000081132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:37.525{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC494130A24C450E903E8CC76E322E15,SHA256=ED43B467F4E6146517ED4161EC5373AE6946681BF5C80B2E9C5ACCB155722E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033622Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:37.410{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0433B77109186544A7D40CE5C18EBDF,SHA256=C6E881EA8A19657FC5CE789D71E73B05399AAA58549EA09A82E950A8A4C2F66D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:38.540{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19302AEF532319B4B60AA1D35E3F08C8,SHA256=95174A670AD6F819678A2314E0669CFF8492D535C43865CCAC41C1753BEA334C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033623Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:38.425{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72012064ACB84F89C25B0502C7DAA1CF,SHA256=B6D568EC5BACEE9E77CA5E52FAF2C75DE0DB241F69DEB7FCC54BC49E0AEC9080,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:39.555{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33E9254F73836AFD995C5C4812700338,SHA256=51DB620144C4F8894C4E9BE8CD3A355C24CC24FBD0FF46A432AE6F7B92E8F8BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033624Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:39.441{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4F6DB7FBB128CB60554540F345E99D2,SHA256=7FFE1C6C1F34921FEBD6A0C193283DF2B37658C3B4DC434696A2CDC6F828EA7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033625Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:40.441{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49908A3030098CB85DBF6C0D26D42A60,SHA256=51616FD6B09030FB2FA47D6D75C1528122CFC43511FCB8385085FA829A5599BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:40.555{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FCF82F0DFCBC295DC46B667132BD254,SHA256=D55D65106599482B568040B5C7A6331C99473C28C748417C7D63DB949BA40223,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:41.569{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0100DAD140A237D141540161A281EF99,SHA256=97671F7547D65713139F49B68A17DB0DBE4B8373810105E80E9A93FF5084DABE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033627Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:41.457{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51D3BDE06642BAF6F9CBDADC397D8B95,SHA256=1E4B0C341D44CA4052E70D535EF78810B1C12B9E646D9B2F661884000B8CB33E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033626Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:39.508{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51667-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000081137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:41.285{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B82A9EFE701C5C5D150CB90BF0E6CA11,SHA256=47CA6E58079746313ACF5BCA4EC87EC3C9A3DD1D656D1E7DF593A6F9B98542C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:41.285{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4231370525A4FF037E416B47A0606A61,SHA256=BB47D1B5F1E26B283CDE7100F8333538C8562D57D90CD53E4057C4C4F33BFAB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:42.585{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B59B88DD6E8D3CC88B88A7F3C589AB26,SHA256=984F5A381765FCC98D30A55961B16EA92DB3A41DD98A20C71230BCB1E4F4FEFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033628Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:42.472{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5BAB783C32333DF61757F430D8D6481,SHA256=AD46A8B4C016AC2CD5B1E6F44699B3CD0E131B010726505162EE7A0B4D289749,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:40.179{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63489-false10.0.1.12-8000- 23542300x800000000000000081141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:43.600{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4534933FE569A1C31271C9012BB805D3,SHA256=2B967C5C64617E083E8C4CB2F9B08A997C03994D15E14AF197F901ECF760F458,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033629Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:43.488{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F0E7A399B232804B070DA5B99FD3B57,SHA256=32691E4DA01C0729ACD207884D208E5D290F49634527C5B230EAB3CBCCC081ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:44.617{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B02EF400CEBF56F822C4CEFA23F8511E,SHA256=15402466666CDA67ACA2C33C300BC355BADCC73D0F9D345F451F559B217BCABE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033630Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:44.504{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90F2B068111F112FC55A490365B33628,SHA256=235D3DAA156D7FF6BEB2748EAA9FAEFBEBEF5AC86EEDBA6694FD3E67F74EDE8C,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000081164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000081163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000081162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000081161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000081160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000081158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000081155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000081152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000081150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.983{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000081143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.651{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=762DC4711222B256E7C36401FAA05172,SHA256=9984BF439FF078BBDDB772D5A43366029C52C48B6D5172440E8C94A1194FEAB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033631Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:45.722{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF6DD028F6D7F55AC338F650A482F571,SHA256=4198EAC536A87D57ED53722F9B2D634054839154322A30FC131DE7D1DF2ECB03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033633Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:46.957{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58F425B61DAB619743F5E1FDFB626825,SHA256=9EBDE672A3F3E7BA3EC3FDF378E4E60820E0B1550D792DDBB98AD821909A7B13,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.944{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000081245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.944{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000081244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.944{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000081243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.944{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000081242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.944{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000081241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.944{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000081240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.944{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000081239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.944{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000081238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000081237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000081234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000081233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000081232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000081226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000081224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000081222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000081221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000081220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000081218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.928{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.913{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000081215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.913{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000081214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.907{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000081213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.906{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.906{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.906{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000081210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.906{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.901{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.901{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000081207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.900{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.900{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000081205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.900{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.899{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.898{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.898{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.897{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.897{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.666{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000081198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.250{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000081197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.250{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000081196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:46.250{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000081195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.998{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000081194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.998{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000081193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.998{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000081192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.998{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000081191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.998{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000081190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.998{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000081189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.998{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000081188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.998{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000081187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.998{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000081186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.998{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000081185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.998{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000081184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000081183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000081182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000081180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000081178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000081177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000081174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000081166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.982{8057F119-3181-60EC-5B0A-00000000DB01}9660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 354300x800000000000000033632Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:44.539{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51668-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 734700x800000000000000081305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.901{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000081304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.900{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000081303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.899{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000081302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.809{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1B06EA8F712ABB949B3B3E9D62BECB1,SHA256=72AA63540828B25E300DDEC6F0CA0B4372EA60511C424A43B53FD13249A84A8E,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.575{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000081300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.575{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000081299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.575{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000081298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.575{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000081297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.575{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000081296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.575{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000081295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.575{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000081294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.575{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000081293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.575{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000081292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.575{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000081291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.575{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000081290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000081289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000081288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000081287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000081283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000081282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000081280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000081277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000081271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000081267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000081266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000081265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000081262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000081260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.560{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.561{8057F119-3183-60EC-5D0A-00000000DB01}7832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000081253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:45.390{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63490-false10.0.1.12-8000- 23542300x800000000000000081252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.191{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4999E59AA32C130A89348C4A8E9EE28,SHA256=2B998AA2ED755C3DBA77C29EBAE5DEC871C8501547132CACED1C5D303373987B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.191{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B67D339E7F56A4A3F76A114328078A69,SHA256=F023F6C94B8851DAC864D795808AC4A2053692D23C6719B0DF8B8B1AE20B08CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.191{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B82A9EFE701C5C5D150CB90BF0E6CA11,SHA256=47CA6E58079746313ACF5BCA4EC87EC3C9A3DD1D656D1E7DF593A6F9B98542C7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.145{8057F119-3182-60EC-5C0A-00000000DB01}66448780C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.145{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000081247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:47.145{8057F119-3182-60EC-5C0A-00000000DB01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000033634Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:48.191{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70BF5DF5CBF254FF5DA7B88E5836A923,SHA256=C1D3D74D9876BD2525517A6751AFCB05A346B52B774A7E3B61A263AA1835D3D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:48.577{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B67D339E7F56A4A3F76A114328078A69,SHA256=F023F6C94B8851DAC864D795808AC4A2053692D23C6719B0DF8B8B1AE20B08CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:48.046{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BE031328FCE97A751D6AB159F017A87,SHA256=F185C637E7788092F620A3D57CCD6DC569C22C14ACCB2787F4DD265C8AF5D936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033635Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:49.425{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5475C32AED71E6E05E9B020B55EDF111,SHA256=E9B8FA9FF69CEAE36A6C4830249E2C37FB21030ABE44F8F151F315B8C9B69BCD,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081407Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.942{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000081406Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.942{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000081405Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.942{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000081404Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.942{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000081403Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.926{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000081402Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.926{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000081401Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.926{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000081400Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.926{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000081399Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.926{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000081398Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000081397Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000081396Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000081395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000081393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000081391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000081390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000081389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000081388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000081385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000081382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000081374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000081372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000081371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000081368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000081366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.911{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.912{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000081359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.554{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000081358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.553{8057F119-3185-60EC-5E0A-00000000DB01}6169784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.552{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000081356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.551{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000081355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.277{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000081354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.277{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000081353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.277{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000081352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.277{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000081351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.277{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000081350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.277{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000081349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.277{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000081348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.261{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000081347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.261{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000081346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.261{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000081345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.261{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.261{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000081343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.261{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000081342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.261{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.261{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000081340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000081338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000081337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000081336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000081333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000081332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000081325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000081322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 10341000x800000000000000081320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000081317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000081315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.245{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.247{8057F119-3185-60EC-5E0A-00000000DB01}616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000081308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.061{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D83DA274688388095C589EA6961C80F,SHA256=4B475B114890B6B823996EE8AA37E5A92250F70DDDF92F8FDFDD31192D3D8A8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033636Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:50.566{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E89D287349596700B9C2879EC699EDD8,SHA256=30F0AC0FF467C40354AA7419412268EF5A9F80F3EAA4CAA06CFB2185D8EBDFF8,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081465Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.707{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000081464Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.706{8057F119-3186-60EC-600A-00000000DB01}97048404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081463Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.705{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000081462Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.704{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000081461Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.448{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000081460Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.448{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000081459Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.448{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000081458Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.448{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000081457Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.448{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000081456Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.448{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000081455Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.448{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000081454Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.448{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000081453Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000081452Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081451Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000081450Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000081449Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000081448Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081447Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000081446Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081445Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000081444Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000081443Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081442Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000081441Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000081440Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000081439Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081438Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081437Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081436Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081435Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081434Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081433Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081432Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081431Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081430Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081429Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000081428Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000081427Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000081426Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081425Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081424Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000081423Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081422Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000081421Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081420Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081419Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081418Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081417Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081416Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081415Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.436{8057F119-3186-60EC-600A-00000000DB01}9704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000081414Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.433{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8E4933F77DCEE23A86AF44A0168A2F7,SHA256=8C25D4BECBA126317EAE67A7BA8B99F30E2A6C9D461CEA053214B966F7FE6981,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081413Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.401{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16B1A157DB9D58A6B1C6771AE2C046A5,SHA256=9E29CF559131DBDA70439455297C40361D720A8FD8F65CF24529166231551B5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081412Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.401{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1580D061EA94C3C0C15436C5FEE94A1B,SHA256=4BF3BA27B703FA8DE55F6AD5EEF36D8E46ABD2C541E835F0C012E25E1D71C339,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081411Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.162{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000081410Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.145{8057F119-3185-60EC-5F0A-00000000DB01}754010036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081409Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.145{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000081408Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:50.145{8057F119-3185-60EC-5F0A-00000000DB01}7540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000033637Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:51.785{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9296788B39AEC48CAEC65E20FDBDF1F2,SHA256=94E3B13291A2B959D0E9FBA515854469B4488DBEA7D45B19F9336979A52DD3A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081469Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:51.553{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C120058EEBFB6C1283439A0555948FE,SHA256=4CA6C6572EE4346AB14AD705CFAFB7E2C91EC03A7641610C5B08D3FAEBE58510,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081468Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:51.553{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D5617416E2AEF197C96F56D9111A5219,SHA256=5F16CC81DC06C6FDEB1C2B4D5AA49003F909338A3433520DA2139FFFE4E7A8E1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081467Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.934{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63491-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000081466Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:49.934{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63491-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000081471Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:51.139{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63492-false10.0.1.12-8000- 23542300x800000000000000081470Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:52.484{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF13119F046DA09BAE6B5960FF07585A,SHA256=F9ECA21294A0AD01EB25B60E145F345CDE30FC232C1CE3EE3A46738455B5E6C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081523Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.787{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2390CE85E8EBAF2F3B932F64186CDE8,SHA256=4599FEA5A0D85287E62B711589849C57B9138409F0FF7FF3955EA58BA5BA52F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033638Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:53.019{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2170EA853BFF8768A50E7D79E9EFA664,SHA256=1AF09FC830DBF3E9D5359D2B2A5861BB96F1F28AD6493C592AE91EC209CD1157,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081522Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.426{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000081521Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.426{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000081520Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.426{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000081519Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.238{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000081518Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.238{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000081517Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.238{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000081516Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.238{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000081515Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.238{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000081514Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.238{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000081513Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.238{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000081512Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000081511Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081510Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000081509Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081508Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081507Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000081506Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000081505Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000081504Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000081503Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081502Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081501Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000081500Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000081499Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081498Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081497Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081496Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000081495Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081494Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000081493Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000081492Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000081491Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081490Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081489Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081488Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000081487Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000081486Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081485Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081484Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000081483Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081482Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081481Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000081480Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081479Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081478Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.221{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000081477Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.220{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081476Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.220{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000081475Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.219{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081474Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.219{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081473Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.219{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081472Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:53.216{8057F119-3189-60EC-610A-00000000DB01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000081525Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:54.802{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A5E53F7F5453D2965CB40AE6D4C884A,SHA256=D0037878B3FCD7C4EC1D8339597863DC883E8931EC431723A4AE99AFC68FF23C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033640Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:50.461{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51669-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033639Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:54.060{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18DB76AEEC8813DE5921F8CE6935BB9F,SHA256=27A37A7247BD5792713F74F213B3A9A5ACBB83C61EA853304EBFF7518B902162,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081524Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:54.240{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EF2AA5AF14E93E764AB853B46F26F733,SHA256=CC5AD1E7A1173A5396D091D82E60745F5A67765EE1F45C752C16AEB88D6C42D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081526Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:55.839{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31DFC08D167C151A0399935209B132F5,SHA256=EC8A2DE735320B68548130AD0D2A257E0C519A16FC84BC894049921CD6CF26A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033641Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:55.294{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5435406A237DDD0ED3357A03B10F612E,SHA256=E58A91E28299788E9577B2BF3A79119008BC531BCAD5A87AC118DABF5E22CFFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081527Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:56.855{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8A0FE473595FCD5BBA80BD407F1BBEC,SHA256=F083B7E2050DFDA869B89864AC301D420266FC582C89C29455E403C949D0BA8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033642Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:56.528{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B07949061EFC2E8DE6D5D8F11FE7C80F,SHA256=59361DF2EE8E8D9DD7E74D763B32C65F3C0ED3D72A5D9593CBF49D12ACA22809,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033643Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:57.653{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16398F8E7A420826A2A0089A0F7F3AB2,SHA256=BB3FDBD66D6CBD06EDB7067A297A47044A09DE9B68701CC93CB921EBDF76EECB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081529Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:57.855{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=301B514A5D969E05AA3DBE1067EC1A54,SHA256=B11D5B8CF0EB7132584FBE621556AF53E8D936A0D2113485E0C5D2AABD647BEC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081528Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:56.160{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63493-false10.0.1.12-8000- 23542300x800000000000000033645Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:58.669{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A8E5D244FBA4DEFDD6811C36DA19FC1,SHA256=AE40EE62A08CC8B9AE02982F69B37232AA5E0F90B88D5489E67E30CA4CF9BB09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081530Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:58.871{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D931456D14975807E2CE8D7390BC6296,SHA256=1B09A1304C24B155201D202EDFB9A28F3ECF1F42077144AF3317F1BBE8485E08,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033644Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:56.454{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51670-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000081531Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:11:59.902{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=975A1A42C6C79D22649986F649071FAC,SHA256=7695F95734BC27952CB32EAF76C1FB244E1E3272280F2035A935ABEAE1DEADC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033646Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:11:59.685{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B15B9C1C4DD6552F2822B4C2C22DABF8,SHA256=6DA6828DC6C7434598F9C54CF4E2DEB434CAE32985DF09DCD586D4287BC55A20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081532Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:00.939{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E4779648755CF471774E30DBBFEC982,SHA256=2C0ECAB54E6B52512CF1097A95FFCFE51352B6AF02982DAB351A2C8327193C2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033647Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:00.700{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38F1B786F5C5CCD04EA9C48377F5E484,SHA256=8C8E8F934F3AB1CBE1843A5B67C78B5B7A8F09406B10C40F89B855C57BAD48C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081533Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:01.940{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0B714B1EFEFB3590D785AD00720D4F5,SHA256=9286174E89908CF2A09DA601452153D50BE5CAF9C903108059B57BA71FC301D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033648Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:01.716{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A39F60C0E3D76A04269FDB1BE1D07D95,SHA256=E681D763DA95955C8CAFD6B61B00F612F90F7CE50B75CFBA982BFEE7F8920A93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081534Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:02.955{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=576F80B8F5B9EFBCB993161370A05967,SHA256=86BB203A89403D21E0E36C07AC5C4AAB471AEE3705D7BEFCAEA0E3EE6180D801,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033649Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:02.719{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68B132F3E2E6F3C540AB1EC9C58DAE50,SHA256=8929F0AEE5EC4AD6DC986FAC233CBD43C2C6ABCB50735593F6C74411163F3298,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081536Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:03.970{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72BEB955C1DB71357BDF85816F97977D,SHA256=913ED7296DF05F455F6977665D40FCD89E19D9430859D443B52822FDC4790030,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033651Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:03.732{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E788C92FD051F2ED00A90C802610A6EE,SHA256=EFEFDDE8C205419638688D4AF1C2BD530C838647A7758854B12E79573986D2D7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081535Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:02.178{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63494-false10.0.1.12-8000- 23542300x800000000000000033650Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:03.231{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081537Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:04.970{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4ACA3B5E43C719BB3EF6B7A325EAE94,SHA256=EB075B93DA242C546E6A7FCA97F00F0949A1C6502EDC4BC6F5A21B8065CA817A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033653Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:04.747{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39EF3782B35F92551BA7A4B28A9B6AF3,SHA256=B733F097BD352EAFA78A7649C52367C2C61EA058DBB7C8C8134E2F48D117BE0C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033652Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:02.454{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51671-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000081538Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:05.985{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5EBAA6CFD80D60CF44E6FF93842198E,SHA256=750FC6EDE27F40AB28A56DE90BDCD0EB5DA40380BB5FF3318727F9134C7E7021,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033655Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:05.763{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB49F783D57AF764025AF9438022FEAD,SHA256=D66292BB31D8A7122EC4F8F7D5019CD4AFAC86A8E1415FDCDBE5969E9EF93E3E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033654Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:02.580{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51672-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000033656Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:06.794{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06F1250B97644C1C12EF44A82E2020B4,SHA256=511C8C6DF9F46319EA17AA02C3EC5F137ADAF467981782F1614CD077951E495F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081539Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:06.985{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=037BB53ECF4A19808F31DCDA33D4DE4D,SHA256=9E03C077ACE9D9588352903491305248635B00C68DBDA88EA926CA4DD57755F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033657Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:07.950{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90B13781F1D169208B8DCB73C1B8F4B1,SHA256=3E5051B97238293190C4427FFFD34BBA589E7928DBDFE0FC26D79F669B957A5B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081541Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:07.356{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63495-false10.0.1.12-8000- 23542300x800000000000000081540Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:08.000{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE3261A166562856DD5783C05B019413,SHA256=0C2B6CF9254E7F1C7F5D00655573F1F4D500ED29203EEF01A84076DA10BE1BB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033658Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:09.185{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F1E8D8CCBFBF25286C79994290496A8,SHA256=C4CA0A159058A7BB426533E6000048C8B092BC9A99CEECC8080EFBD87040F4F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081542Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:09.001{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E13AD2CB6B98CAA032EF194CDB41F297,SHA256=C48F773678EFF036DFEC1F04C2B9EA9D4AA76520F2CF4F2A07BF43DD281FFB2B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033660Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:08.470{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51673-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033659Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:10.186{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAE19DD9068694DA97645B0BF98FC4CF,SHA256=8F55A94A373E9AEE1154A6415B03B6CD91CD13F902B4D03AB40F1AB0E5D4228E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081543Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:10.022{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC210AB51F54D462373328BAD9E4E384,SHA256=13111814F8845E4C0CD1521985DEAD57DD761F7306011D36B82B5C8FD423E6C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081544Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:11.036{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68B9E669B523460B10712FE9E4FC3DCA,SHA256=B9D95E62B917EE8D593E24A32E19D3378A09BE9AA1F146F158F594400BD3CE5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033661Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:11.198{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC035F21D00094A3264F29EC3F4FF2F5,SHA256=8206B2DF1729BDBBE72DC13431398CE865C54FC89E9C69D7A039B1413615EF61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081545Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:12.067{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FA533294F4FAECF462EA209D5B83275,SHA256=C9545A0E5B910A82995B8BD0DEF69F43613D76E505BFAFF0D182E576B1E041A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033662Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:12.205{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FEBCCABB817C562F06E760BE654470B,SHA256=26C3EF132E1A9D58FA009D48FBD136FBFDA9F4EEA88E4BFB859C4695A00EF008,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033663Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:13.237{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB508494DD2136E13F3808B173745850,SHA256=0B08F46CC601E3FF859FE8EC520B25EB6906E6802581A80CF80CF36A86236BF1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081547Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:12.390{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63496-false10.0.1.12-8000- 23542300x800000000000000081546Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:13.099{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8F45FDF1E89C0B529402F27AD8A74E9,SHA256=64802307AE09BFA95CD484742518631A6046B26A693F05B3795B2B6EAACD2A17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033664Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:14.247{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13D6178CE8F8F6243F16A80B4574C0CF,SHA256=40941E2082B4FB299A2CCCF9324F49D71F15B368965F0383B7A270138D55CCAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081548Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:14.118{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E144CD9579F194AC8A9B742CA65C182,SHA256=8D84C1729F4118D8CE7327EDD5C4FFBE3749F55E9020842C10EEE187486A7BA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081549Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:15.136{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93083D75657568551F6455B51669D93A,SHA256=4AC5F3B0082B30A1FBDC59EF295D8D85A681B16135E9951A3AD33095CAD236CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033666Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:13.517{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51674-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033665Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:15.310{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A2F95F67536929EA0BBF86B62B7338E,SHA256=B8AA35147C8F6D77F181FEC20265FA721C5CA51B3D42E336C3898A7192A0EA70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081550Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:16.137{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1BDF6AC95BA2215245D443466D4FAA1,SHA256=B33029C18DF27629B15AEF3306C1DE0DD45A7EBFD15C40EBA278B2FCB0A66F38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033667Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:16.341{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D689F12D2A737A07D056CBFB5B4C841B,SHA256=4F4ED8FDC3F17B6D89DC77D231C287F14287F4F871B670A5610DC435EB217FC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033668Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:17.357{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=611B882F4EB46DEFE1D0C23E0D2AF4F1,SHA256=6B1009382F446F22BF344123411C8A1457089DC5C9647EB7ACC4E9EB526E4845,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081551Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:17.137{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAACE3859859E053A6AAA830FB6E9CCF,SHA256=04838E723DDA4EB93FA9F2C19C4F108258B9ED677DCE853ACF09D62DEF95922A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033669Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:18.372{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3277ABC7AAAA2D329DCD658BAB9E72C8,SHA256=1AEF1B34EF6E13F8A60A57BCCE1711FFB448F95FFE32CC225EA94FE6C2109D91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081552Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:18.152{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A53351E06F49856260779C347D62D24F,SHA256=A5357D5BB9C9C4A8946F2B13E42936A61844804135783955DAFA45718CBF7CA2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033670Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:19.607{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E51E0BDC32FB0073062C03AD92EAAEEF,SHA256=294CC26FC0303A08E13C7188B0E2EFA70FBBA8FBE10C92BC04CFBCC8216C6A49,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081557Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:19.966{8057F119-21BD-60EC-4B07-00000000DB01}58805636C:\Windows\Explorer.EXE{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081556Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:19.966{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081555Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:19.966{8057F119-21BD-60EC-4B07-00000000DB01}58805064C:\Windows\Explorer.EXE{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000081554Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:18.192{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63497-false10.0.1.12-8000- 23542300x800000000000000081553Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:19.167{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92281522BAE5B204ABBAE4FA5D8D41B0,SHA256=722315ABDCCD4C688B7A6737A2D672BFC4317D7E63A674B5D9F3A7C06F92A8A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033671Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:20.685{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC5536EEA9BFE9E151F946233A5EF32B,SHA256=9544C4F95BBEF678C4E8F7011E253C81E7CC628DFCCB4D5530FD6335FF6DE10C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081613Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.784{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49E4902DC4A554859D761A376FCE65F6,SHA256=8CD9E6AA310D9CD2B7CC6586C7EE0790D18CA9E9E6983EEBE84B1788B35D7BF0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081612Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.784{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081611Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.716{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081610Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.699{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081609Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.699{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081608Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.699{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081607Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.684{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081606Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.668{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081605Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.668{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081604Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.652{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081603Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.652{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081602Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.636{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081601Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.636{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000081600Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.516{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081599Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.498{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081598Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.483{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081597Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.483{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081596Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.483{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081595Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.483{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081594Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.483{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081593Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.483{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2BB4-60EC-4409-00000000DB01}7908C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081592Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.483{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081591Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.467{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081590Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.451{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081589Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.451{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081588Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.436{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081587Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.436{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2F45-60EC-EE09-00000000DB01}10088C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000081586Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.383{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081585Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.336{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081584Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.336{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081583Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.320{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081582Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.320{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081581Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.320{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081580Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.320{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081579Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.318{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081578Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.298{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081577Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.298{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081576Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.298{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081575Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.298{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000081574Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.267{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081573Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.251{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081572Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.251{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081571Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.251{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081570Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.251{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081569Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.235{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081568Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.235{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081567Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.235{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081566Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.235{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2BB4-60EC-4409-00000000DB01}7908C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000081565Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.220{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081564Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.220{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081563Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.220{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081562Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.218{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081561Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.215{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081560Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.213{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081559Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.197{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000081558Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:20.182{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE8C981D4B8FDB2474F21A9BD8AA8D2D,SHA256=CB9B3E4B9C385BCC22069DE42E4242BD1C8B5256CBB6C86E68CD610740AAC535,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033672Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:21.701{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED90F1C2483A5497CB388FF243CCE626,SHA256=E275E1ABE2CC0D8BB7C2F0CDA8411E4ED3F5A3B86B0FA52D477429E0767371BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081614Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:21.187{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7FDAD1718DE0E4F14C589F53DBFBD0E,SHA256=127C29CF59C3D29462B82AA0DEA0B7F25B71B5264AA3478C2A1D7DCD8271FD8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033674Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:22.716{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=205D03ECAC001DE801622FB9AD70A92A,SHA256=6789582D31EDE1112821685E43C03C8C8BA6A34E447074E4919E9E9AB6F55B8B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081629Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.891{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081628Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.541{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081627Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.302{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081626Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.270{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081625Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.270{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081624Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.239{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081623Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.239{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081622Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.202{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48F52BA1E2B7F51FF262C9F6AF2ABD69,SHA256=1657D8CB4B8BCC045315D050AF72705DA8AF5A3515583136A8F11B4862043FFF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081621Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.202{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081620Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.202{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081619Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.202{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081618Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.202{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000033673Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:19.501{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51675-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000081617Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.186{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081616Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.186{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081615Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:22.139{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\permissions.sqlite-journalMD5=0230C73BFDD609A9D95058E451A6EC91,SHA256=0ECA8926BBB8832DAD0D4F2704F544F16BAC8EB04318FC2CFE01013CF93B45E0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033703Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.982{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31A7-60EC-6805-00000000DC01}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033702Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033701Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033700Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033699Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033698Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033697Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033696Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033695Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033694Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033693Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.982{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-31A7-60EC-6805-00000000DC01}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033692Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.982{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31A7-60EC-6805-00000000DC01}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033691Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.983{50946567-31A7-60EC-6805-00000000DC01}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033690Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.748{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7DF33DF945D3B1C33E3BE106C57C70D,SHA256=39BC179A44A7AA0CA13F3F8A514E8F1123225FB503A48B62519B4DE1CD52B80F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081631Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:23.206{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B530F475ABA2FD9714B67C779727103A,SHA256=A0163739D9EA338E08AFFD48E4C25415C65E1BCF4D6DBAD3408E21A4E6169736,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033689Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.716{50946567-31A7-60EC-6705-00000000DC01}24841724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033688Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.482{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31A7-60EC-6705-00000000DC01}2484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033687Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033686Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033685Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033684Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033683Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033682Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033681Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033680Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033679Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033678Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.482{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-31A7-60EC-6705-00000000DC01}2484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033677Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.482{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31A7-60EC-6705-00000000DC01}2484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033676Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.483{50946567-31A7-60EC-6705-00000000DC01}2484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033675Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:23.466{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=BDC0FD19E7768812385DAB85C38D2E9F,SHA256=63EFE262492E1A73DD07DAD1043B99B3103C85FAFD153C30E60FA1A90F330727,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081630Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:23.059{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=C8036F0A2C44C7C412F3443DAFF832DF,SHA256=7C8024E79EA32CA6140710CB7A11FBE08DE12232C50DC25B0280DD18E86AF551,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033733Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31A8-60EC-6A05-00000000DC01}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033732Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033731Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033730Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033729Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033728Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033727Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033726Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033725Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033724Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033723Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-31A8-60EC-6A05-00000000DC01}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033722Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31A8-60EC-6A05-00000000DC01}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033721Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.984{50946567-31A8-60EC-6A05-00000000DC01}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033720Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.982{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C6021E7B563488E1282D63657F690FA,SHA256=E3E3230EBF87BACB5B0553C0E1149086663445467CB12F08ED0D4568256A1C0D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081634Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:23.199{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63498-false10.0.1.12-8000- 10341000x800000000000000081633Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:24.804{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081632Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:24.222{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56C6443D193B6B22F78162837D774E07,SHA256=4D62DA5B2705B9250FC6D42043BD3E5B55ECD9D207CA69BAD5D8C868E2D6E59F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033719Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.639{50946567-31A8-60EC-6905-00000000DC01}33841852C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000033718Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6B5AF86A2ED0EC813A14A40EF7CED9B5,SHA256=D542161FD2CE9351DCE10341ED82EB7BE4940CF548803E5578E96039C92AE814,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033717Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EABD62BAA7FF161C1E32D7278B460336,SHA256=756523687832013F5BAF4C8E37525CD211690DA77DA41047CA152B94ADACA05B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033716Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31A8-60EC-6905-00000000DC01}3384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033715Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033714Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033713Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033712Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033711Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033710Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033709Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033708Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033707Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033706Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-31A8-60EC-6905-00000000DC01}3384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033705Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.482{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31A8-60EC-6905-00000000DC01}3384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033704Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:24.483{50946567-31A8-60EC-6905-00000000DC01}3384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000081636Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:25.257{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081635Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:25.257{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51D420BCDE680AAE51A6F7245C248BDA,SHA256=C9780189180BFB38624E32F3664B050F14CB7195B4D4802829264CE2D6FF65AC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033751Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.841{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A81-60EC-1300-00000000DC01}772C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033750Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.841{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A81-60EC-1300-00000000DC01}772C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033749Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.841{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A81-60EC-1300-00000000DC01}772C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033748Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.810{50946567-31A9-60EC-6B05-00000000DC01}10923528C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033747Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.622{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31A9-60EC-6B05-00000000DC01}1092C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033746Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.622{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033745Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.622{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033744Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.622{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033743Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.622{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033742Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.622{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033741Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.622{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033740Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.622{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033739Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.622{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033738Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.622{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033737Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.622{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-31A9-60EC-6B05-00000000DC01}1092C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033736Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.622{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31A9-60EC-6B05-00000000DC01}1092C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033735Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.623{50946567-31A9-60EC-6B05-00000000DC01}1092C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033734Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.497{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6B5AF86A2ED0EC813A14A40EF7CED9B5,SHA256=D542161FD2CE9351DCE10341ED82EB7BE4940CF548803E5578E96039C92AE814,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033753Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:26.669{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=157D2C6F176B351634B7BE10937A500E,SHA256=DAC76051C9C17BB02EA550A0272A8C4AA00343D1021EEB33B6CAD7C9E736EFB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033752Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:26.247{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0D2C60EDDABE83E954F3F6A85D79E10,SHA256=405177382C30255B686F9EC0B8E8B14130DFAC9A682FBE3547FEFFDDB703D671,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081637Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:26.271{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=869BFC7A0CDDAD362AF909EFE4BE24E1,SHA256=2C5CCE8501E6CB74BB36FDDDD4C9FFB88676D195C8EFC5BCCA79F6DA97705C37,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081641Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:27.985{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081640Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:27.739{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081639Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:27.654{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081638Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:27.286{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD154A31563AA1A009821A35911EF684,SHA256=83B21EF646397E609C13D8098E997C53927AC9E342BC9DFD5E444C5BC22386B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033754Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:27.497{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A30D59824F432763A77ED248ED940EC4,SHA256=E2598667EFA6FA17B0CDE4B3FBAAEBB14EEC582C5257A065E48D89A0A56569DE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033783Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31AC-60EC-6D05-00000000DC01}4076C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033782Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033781Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033780Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033779Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033778Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033777Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033776Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033775Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033774Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033773Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-31AC-60EC-6D05-00000000DC01}4076C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033772Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31AC-60EC-6D05-00000000DC01}4076C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033771Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.951{50946567-31AC-60EC-6D05-00000000DC01}4076C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033770Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.545{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE0A7A243597106047D764B198E7595F,SHA256=5E360A5C189343221CEC730140C64ACE5281B522DFACDFA30A75AA5D3ECA1AE8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081644Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:28.369{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081643Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:28.301{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2B41812BFFE84BB90C96A151DD233DF,SHA256=08D18C0D78BB61D4BE69467AAA316203AE1AEE12A3EBD10ACE0B09D9FCEEB570,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081642Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:25.381{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63499-false10.0.1.12-8089- 10341000x800000000000000033769Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.451{50946567-31AC-60EC-6C05-00000000DC01}10723600C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033768Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31AC-60EC-6C05-00000000DC01}1072C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033767Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033766Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033765Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033764Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033763Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033762Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033761Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033760Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033759Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033758Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-31AC-60EC-6C05-00000000DC01}1072C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033757Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31AC-60EC-6C05-00000000DC01}1072C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033756Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:28.279{50946567-31AC-60EC-6C05-00000000DC01}1072C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000033755Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:25.486{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51676-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033785Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:29.685{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2FF955250997F85B7A02CB77C12BC9A,SHA256=C6E6D0A3D4E51DDEF19C38611CA189FD7E0AF4EEED8B6AA4BE76FBD13E354F63,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081646Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:28.378{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63500-false10.0.1.12-8000- 23542300x800000000000000081645Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:29.320{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA95E7B613A0D190FE569787F005B73D,SHA256=A69016B1DF1058F061D2697B2DCC6D30ECECF78CC69BB81E1A5B483BF57E5EBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033784Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:29.294{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=22964CD934E2C16CBEE7D82B7F820BA1,SHA256=9042B2D420302850EC0678EB914762717FAD7B42FAC9C80F1500B190E3E963D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033786Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:30.919{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28BF43E208396821A9A6F194B3383EB6,SHA256=9BEACA0C332E72C88F3C980CDAE899B0C6EEFD0D6AA6F42AF0C39BF981FFF441,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081647Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:30.337{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=687DE105D9F76B6BC02BA521822C4867,SHA256=6B4DD2144CFF5AB46AC551F4510658233150ED22E7F64CBD7A1815F130462171,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081650Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:31.417{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081649Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:31.352{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84CEA3F5AA5DA8E100C54BA19FCCAD5F,SHA256=8A8E54794254D609DE707BD5B0A5663834FC68CB9F63E25D3C0E0DE26C16948C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081648Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:31.299{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081651Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:32.367{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0ADCB1B6810CF3DC4582E0DC70A8D61F,SHA256=3D18983333EE76A3B6653E317FA810287A4752FE0050414D1EE78BC714AB776B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033787Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:32.029{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EA9BE42BB3D867271A6F500B5A12ED7,SHA256=B512487CB24AAFC8F29574DFDB51B056BCF21BE72D3E30F4489367F8F52FE2FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081652Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:33.381{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BB80AADE10A81F00CCE1FA76F2E848B,SHA256=FBF906F6626D4606389899CDE299FD750A75E0F296492179115F042369A919CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033788Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:33.044{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=705536F388A706B8D4DE156EEFB43B05,SHA256=76F7A41FA9C093F14EF41A8143905B68E4ECF13871619A066173A23FA4A9864F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081653Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:34.382{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B9310CB37BFF2B1789A29430ABAD761,SHA256=F2BD1F44E71306A5DC8BB6DC5003BFF9C69A59A726A3DDDE5CF6D3755C19326D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033790Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:31.486{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51677-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033789Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:34.056{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E8EC0C9FF3C390DF04E5A586BFE83CD,SHA256=99959285A88605CD29E56C661A0E8E684122E4466D6C1A2F6E33B78D7075D173,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081654Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:35.397{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EEFD278601920AE16C51055F6C87E71,SHA256=3B6244845E198A58676FE46F1C9415085387089E562718F7BFC3725991F38384,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033791Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:35.071{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2517B97A7E5873ACA9F10565FF3B5D1,SHA256=9700645C89D30E105422C36C36255CE15F4E44E2C46B7B175944256AD8E746AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081656Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:36.414{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85436CC19988DEEB0FC55D0962F2223C,SHA256=DCF2282F788B1683B897E672FC8583D8B954DAA1474DEADDDCB930ED4EDD5A86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033792Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:36.087{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F556576935C6B70C2A38F18696A83DD,SHA256=6DFDAB8DE43EF648B7939BCB7ADE5FC04A93BE91643353F470F693A74DE4BB43,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081655Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:34.189{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63501-false10.0.1.12-8000- 23542300x800000000000000081668Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.433{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDCE53D067B91767B5DA4F55E4A393D5,SHA256=C32C0007D62F1B6AD6D3497D10F677D91C914B7A8823ECC75A2593F09C33680F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033793Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:37.087{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3229B8FB4CF4C9663D6243001044C0CC,SHA256=08654E1D5B840EC9F5F9C0355B8D759611202D31694370E9B0FF089895F04CD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081667Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7F44394C98356EF7DB2E20B568B73447,SHA256=1523D64DD9B2316F37BDF61D73A43A96C4C7798E16512CAD9029340C935B9BDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081666Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=589E8CF19D690DC3662C073418CFED33,SHA256=B40C4DB4C7CA12DE7DD0E9F136958D0415CB77AD2DBA36A8C45A9E0334A94FB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081665Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B061F12073B5230BFFDBBC886EED51EE,SHA256=9B9475C3086DAD2168C85B71155E5AC44C52C33E89F9E6A834CADF56360BC470,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081664Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=C1C702C517E74BCD42F37A58A07BFB84,SHA256=87A1A737008B3BA15768D8A5BD3570B2DE7C423E9511165D6D86F9908F94D9EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081663Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=1B11E8C4B5E62B0EDC7D67C8915AF415,SHA256=EA7788F5DA011D1B04367EE7467B3713406ABE9C52527FEF9C11EC752264E321,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081662Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=D99977601230068B350247167CEDAF62,SHA256=4432A8070DBF78598A547D53C3F7ECDC4AC577288B2CD9544A287BAEB1A36044,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081661Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=35C24520E7BCA4CA49D7D9D8AC0184AD,SHA256=18B7B46D8048B8B17561581D24CFA22443014A3675964ED1DC1CFDF5043EF1A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081660Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=D700CC1E36C2E42179CB371463CA14DF,SHA256=86B3FF2C2A8E37091CD3330F78EBC72862C36F110695AFD4ADE2E083C839D946,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081659Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B66D3786F2F3D3371675DF25DAC86A5B,SHA256=ACD00E1469EF8D42B82BBB5F4A6BBF6547EE3D850B006F8A064FCEB5945AC514,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081658Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=FC938B725BBCFF0C5DA36336D97323C1,SHA256=0B9B3EE68AA7470CE5114B8A001A1637A4E4961110D8ADE46C5B04A385B666FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081657Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.248{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=573CC988892AF469F8BBA6CB2D4FF5E2,SHA256=3505274C90E65B5A7961198C34228FB33A41BC75156A3B6CBE54BEF0A5518DAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033794Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:38.103{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=162B95932A282DC28C9D467E8EE97D0F,SHA256=64E002C19FD80DF873B350CE3F002AD487B0075417D7744ED34DB7AA812B9E34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081672Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:38.448{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0110BCCB0D17D6B3F99C0253F9294F39,SHA256=1889074D1EC075D22F6FFB0EF17ED5A045897EE5978DDBBB25B6C040331FE4B4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081671Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:36.973{8057F119-08B0-60EC-3400-00000000DB01}3364C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63504-false169.254.169.254-80http 354300x800000000000000081670Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:36.920{8057F119-08B0-60EC-3400-00000000DB01}3364C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63503-false169.254.169.254-80http 354300x800000000000000081669Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:36.919{8057F119-08B0-60EC-3400-00000000DB01}3364C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63502-false169.254.169.254-80http 23542300x800000000000000081674Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:39.463{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=455CA8374B760B331BA05AD82C30A78B,SHA256=2F4FFCA3D8371EB6424D405C86C586D3C3798898B2A9D8F1EB0E19E351F13525,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033796Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:37.450{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51678-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033795Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:39.118{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5C941402C59331A14E0F198BA73A931,SHA256=640FE94A6682B5D7FC5F940E74E259E2178163380377847D20B5902A5E850302,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081673Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:37.072{8057F119-08B0-60EC-3400-00000000DB01}3364C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63505-false169.254.169.254-80http 23542300x800000000000000033797Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:40.118{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EAA8E3F3A9CC918FC7CB833818DC1E1,SHA256=A83D3ECCDAE17DC68F1D7CE42E36000565630AED7BA5CCADE7FB8BF70ABB819D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081675Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:40.478{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF0DFFBF4C46E83B8D94FACC6DF84680,SHA256=B67D4D47D87E223AD1EBFC8B73A9849DC9F36DA7F479F8C5C12604F7B8394594,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033798Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:41.353{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08A069FBA8CD2916742B556671E50361,SHA256=17BDD8A5F876228EA6D75213AFAD4E4BEFD5C8E380AE5B08735CCAE8FEDCC459,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081677Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:41.492{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71BB889BBD51238C9FC5AAF3064F5F86,SHA256=68211C65EAFD1F6CE070A44A19BDF053906E2FD1C1133E0FC378D52C903FCC21,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081676Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:39.250{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63506-false10.0.1.12-8000- 23542300x800000000000000033799Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:42.587{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D49474B6CA5BF24C4F6B0A9A90B9129B,SHA256=5752F033D292A59A0121ED003C407AEA1F8261DF1B9F9601D4B6721EAA6C61FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081689Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:42.528{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2051EE672524DA8348A5108CF0B92535,SHA256=18AC512524CDBA865C5A7CD9D202744DA9E03C44C05AF9F82CA1C1F83DBA6171,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081688Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:42.276{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=9E9A4A94D60127288456F6AAE6E30855,SHA256=A6C63D9D47CBA768B999DDE25A302EF7503586015C620AB2B6DBE597938E1758,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081687Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:42.276{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=33F5B9C3F1852DC927CC9E5BDE35727F,SHA256=71401112718EB1DA77932683A12DE9D38934149EA9CF0B837CB09D72130B3570,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081686Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:42.276{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B98B8C8B70D5611FB40B72B56367655D,SHA256=0059D35A4D516715D196ED4861ADD98A937DE9373170B1055628E09520BEA639,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081685Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:42.260{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=ABC18FDBBF8E39F714BFB001FE7BEEC8,SHA256=6094E99069C8B4E917150360D74B92DC8DC768257EE4EC04B6841A6880B88CF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081684Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:42.260{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=CCEBDF5F58FFD7DE72CEF6EB45001EC8,SHA256=B4A9F6BC0C20F673398FFDDCECBA0F8B88C4D5956FA55D7B829A18776C3D3C51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081683Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:42.260{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=6C9121EDBB0A59EE1921C3C7DD19CFA0,SHA256=F972D5212F508799372455672080C57D914BF86504074DE5B466A21E60B3378B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081682Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:42.260{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=2459ECA1AEC02741C5B817746C6CDE69,SHA256=1121CE7C9703A971FA065BD248422071057589371243EBB827F6AF4723702B79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081681Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:42.260{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=52970474503B22A63EF6674A909FFCDF,SHA256=ED5981A807F87766172D5583A664F0A6FC6341627E5232B4CE7657F2B08F1C09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081680Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:42.260{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=A19C900715A96373425A55BCF5AEEBA8,SHA256=76B75478169E159F7C582BD3D108A127245C223E8CAE78CB820B87EBFC4858DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081679Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:42.260{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B7237A4C7AF9ACC487850EC037F4F115,SHA256=989D5B490B198E290C5EC9BEDB2F54AB0AC78E5241D6A12FEA61D73A02A8A3D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081678Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:42.260{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5A110B58A8B0A339DB79A0238769D3BE,SHA256=57B617020D5FB5CD0912681CBCFC1DAAB22CF9CD886B4A8BC72BABD3FAE114EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033800Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:43.821{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7695CAFBF386A7946978A0F245FE84F8,SHA256=CDB6E9289EF5D032B77808CC14D6867FC4D72F30EE662537058EE87B50CC2B84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081690Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:43.530{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44E1B61A722AC1DB97E3B641F48E83A7,SHA256=8528A721A6AEA21D81209E948C220E4611E3B807B2E20D68EDB09C681A07E049,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081691Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:44.561{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECE4666DEC230C8823017DD207460586,SHA256=8D915128FCEA8795C29446A8D7F3AEC7881E3CD2D6BD9E6D2B3C30008DBFB8D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081692Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:45.576{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=245D32EBF7CC11FD67D8AF75283C6244,SHA256=DC1942EE070744A7DE389936BDCF1ED668681D9EFB5A2494854457EE0EE0B06E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033801Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:45.056{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B1B58B704CC38D094A76F9BA09D0D72,SHA256=FBE95697CFBB7B9FE5E58ABAEE80308D3685504B97F7C21245A917E777D72E5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033803Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:46.212{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=320F30595541EF3FA13172D7697A0980,SHA256=8846A6AE8EED9DCDCF44CA49B0BA4790E6B7207A4B291338FB311D0F04A54F36,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081800Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.912{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000081799Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.912{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000081798Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.912{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000081797Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.890{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3A4D6293E476BC43EE13B942D618FFF,SHA256=CC06260DBF79AC2319DE1B5F1AEF78DF9E875BD9A3D43640EA09A4414024A535,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081796Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.712{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000081795Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.712{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000081794Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.712{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000081793Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.712{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000081792Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.712{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000081791Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.712{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000081790Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.712{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000081789Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.712{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000081788Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.707{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000081787Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.706{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081786Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000081785Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000081784Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000081783Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000081782Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000081781Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081780Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000081779Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081778Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000081777Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081776Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000081775Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081774Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081773Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081772Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081771Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081770Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081769Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081768Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000081767Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000081766Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000081765Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000081764Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081763Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000081762Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000081761Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000081760Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000081759Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081758Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081757Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000081756Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081755Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081754Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000081753Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000081752Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081751Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081750Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000081749Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081748Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081747Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081746Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.690{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081745Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.691{8057F119-31BE-60EC-630A-00000000DB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000081744Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.259{8057F119-31BE-60EC-620A-00000000DB01}48846176C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081743Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.259{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000081742Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.259{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 354300x800000000000000081741Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:44.369{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63507-false10.0.1.12-8000- 734700x800000000000000081740Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.044{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000081739Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.044{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000081738Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.028{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000081737Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.028{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000081736Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.028{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000081735Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.028{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000081734Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.028{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000081733Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.028{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000081732Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.028{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000081731Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000081730Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081729Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081728Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000081727Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081726Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081725Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081724Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081723Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081722Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081721Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000081720Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000081719Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000081718Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081717Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000081716Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000081715Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000081714Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081713Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000081712Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081711Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081710Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000081709Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000081708Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000081707Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081706Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081705Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000081704Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081703Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081702Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000081701Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000081700Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081699Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081698Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.013{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000081697Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.012{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081696Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.012{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081695Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.012{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081694Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.011{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081693Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:46.008{8057F119-31BE-60EC-620A-00000000DB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000033802Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:43.450{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51679-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000081855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.774{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECF27A916A1F40755E03AC8154FE34BA,SHA256=87BD43E69700305C6FD1FA656678532E1CBD38AEF4EB2D2C93E280666DDDE8E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033804Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:47.228{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=640E18A0B260525D461F04FDF3FE88FB,SHA256=99FF9A11885BF945ED8EDDBEFEA998F6DA0264F7278993197A09ED0CC521F915,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.558{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000081853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.558{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000081852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.558{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000081851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.443{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE7896FD346DBB85A7BCF39107E89424,SHA256=B76D7AEBABDE5AA4411A1F812DF877AE4D928A47E6FAC7819DEF52E1EEAE23F4,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.374{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000081849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.374{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000081848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.374{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000081847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.374{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000081846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.374{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000081845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.374{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000081844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.374{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000081843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.374{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000081842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.374{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000081840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000081838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000081837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000081836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000081835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000081834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000081832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000081831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000081828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000081827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000081817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000081816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000081815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000081814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081812Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000081811Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000081810Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081809Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000081808Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081807Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081806Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081805Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081804Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081803Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.359{8057F119-31BF-60EC-640A-00000000DB01}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000081802Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.027{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B97724FCAA54DC0F5012989E38E4AD63,SHA256=1C38E380B75BA1CD0D0C1262579B4381D2AB058777D57801C101BDE7B2E26FC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081801Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:47.027{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5709E347B8E7DDBF266975A331B3DB7C,SHA256=99DB12B9DE84C2FE236DB1C8F72FD0DFB6CB139025622A321C7C065868BD38EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:48.788{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A87858788409952A05C4DDC0D8175AD,SHA256=6E223D87A55E33260837B5B4B8AA02B9D9DE5BE2A3C6D01E765FD151645300E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033805Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:48.462{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B1C180C98D74CB3B88D94C01BC8F8CE,SHA256=1BA18C39307CA57251EB93AB5918FBAB05E1BB48B7A85EE64C880CB0E1E683CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:48.373{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B97724FCAA54DC0F5012989E38E4AD63,SHA256=1C38E380B75BA1CD0D0C1262579B4381D2AB058777D57801C101BDE7B2E26FC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033806Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:49.696{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D66D8D81885749F0207675745C8EBC29,SHA256=AA95F1365A8251D73A4A2250D141F9AA2F2817867EF64E4294B3ADBFEDB8406B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.974{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91986E641F8EEFDC829B4EE887C01374,SHA256=E5D4171669916F524C5C18A88BD150BB1D01954E7A0F6921F41C08A1E841C1AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.974{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85019B45FA4637E3D7AD26E6A0DE4876,SHA256=5407695E31306CEC50D8BF673972ADD17AFAEA4D6B111287555251E5042AE6E5,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.958{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000081961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.958{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000081960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.958{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000081959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.943{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000081958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.943{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000081957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.943{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000081956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.943{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000081955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.943{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000081954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.943{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000081953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000081952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000081951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000081950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000081949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000081948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000081944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000081943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000081942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000081938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000081929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000081928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000081927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000081926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000081923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000081921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.927{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.928{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000081914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.642{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.610{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1549f7|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000081912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.610{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+154962|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000081911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.610{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f 10341000x800000000000000081910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.610{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 23542300x800000000000000081909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.610{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RFa0be44.TMPMD5=D02E65C42AD32F3ABC147AE7AB968251,SHA256=E8818DF00616D25228108A1EFC74316126A1FE625A120883CCA21C9468504286,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.510{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000081907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.510{8057F119-31C1-60EC-650A-00000000DB01}43206792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.509{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000081905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.508{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000081904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.310{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000081903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.310{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000081902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.310{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000081901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.310{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000081900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.310{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000081899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.309{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000081898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.309{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000081897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.309{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000081896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.288{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.257{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000081894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.257{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.257{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000081892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.257{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000081891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.257{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000081890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000081888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000081887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000081886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000081885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000081884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000081882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000081871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000081870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000081869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000081866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000081864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.241{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.242{8057F119-31C1-60EC-650A-00000000DB01}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033807Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:50.931{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=913E8D45D357EDA8426161B98E949BD5,SHA256=88ABC95304A8BC37DD9D4E1372CB93D6463727F88A5FB51474925649E84932C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.945{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94DBE67AA5A4C4519AEC6AF7AB327512,SHA256=D48E90E542CEF197B0F33CEC8B732B89E7D01319BC36CCDC1CF1005774A984A8,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.792{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000082020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.792{8057F119-31C2-60EC-670A-00000000DB01}14924684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.792{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000082018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.792{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000082017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.745{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2ACD7AA86DDDE097DAED5F1E5D90682,SHA256=32D554616A01986B4EE2CE1F9CF60E94CA061F0FBE0006C5CBCD7C98009BFC44,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.614{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000082015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.614{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000082014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.614{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000082013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.614{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000082012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.614{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000082011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.613{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000082010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.613{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000082009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.612{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000082008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000082007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000082006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000082005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000082004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000082003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000082002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000082001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000082000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000081999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000081997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000081996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000081995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000081994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000081993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000081992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000081991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000081990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000081989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000081988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000081987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000081986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000081985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000081984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000081983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000081982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000081981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000081979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000081978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000081977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000081976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.592{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.593{8057F119-31C2-60EC-670A-00000000DB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000081969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.243{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E20E408EAE2CE106DBBD33FD34432FC,SHA256=73826BBEBC19963E81513CFE814B79563805955AE425E4F8FB6F1F81D3E3466B,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.211{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000081967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.211{8057F119-31C1-60EC-660A-00000000DB01}97007448C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.210{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000081965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.208{8057F119-31C1-60EC-660A-00000000DB01}9700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000082037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.959{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4654541A78F30C122EC7D3CDC6933DEC,SHA256=006448E38F95CB39B7BE952128DE9D278746D48EE4C1DC974B11D92B95C8C812,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033808Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:48.528{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51680-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000082036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.759{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=EEA3707ED959C69AA63D0B12B4DD4DF0,SHA256=C2C763EF47B86A45A8B8743F981D33BBD1A203BF75BA01841EC027BB38084E02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.759{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=039EE686A34ABBB186FD8B95712DCB37,SHA256=10E207A2B5EB82CB2F308101DF1CF1007BD41BB48C1D661B7896AE830C91323F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.744{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7C20BBC53F2BC2C303BE5BD4B3850ED8,SHA256=E8E68D50B94EF23B300B7CBDD346E66239817FEC3D913D76A79759F4887EB848,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.744{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=0EA5B302E85DDB3276E6EA768306BE24,SHA256=348E6317F020176E6CED43EA54A3E6DAFC44CFEF90965E63629B163FF61FFA55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.744{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=F4BBB0DA346E0384398FE9889E1EC609,SHA256=3F04FBFE8581ACB845AC9BA53ACA46B87740211DB545E74227C61B4CD2850BD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.744{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=AF291C959DDB68DD3E67D87F65CF1506,SHA256=8B9A17FE111535D85C5F96A4F85FC5CF4913140D394029CA3A3F2550D9F68AFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.744{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=A12CBD68CE048FEEE0D3D448D7A12497,SHA256=01894CD902F12836A734F92C91FABFAB32089846F421070ED380735FF7914BCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.744{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=56E93831CD17F90B7047CA73C30C6A36,SHA256=2243ED9E2612DCCC24239C85505F2BC6279B5C16631978DFBC0220795E393E45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.744{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=A61327C8ED4E278A31DBF7426E185BD5,SHA256=F0AB3897D7FB5910643FE3E121109E4A3C27D86FC8939366B3ED39C35050C3AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.744{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=C514131827C8A9B359A38B6FA2834DAE,SHA256=6D6655379459C27061BAB0CC811C80946F8223AC175EE72A1EACA7281D0FEC64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.744{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=651E338DF1EAC96B53283A91AD471A46,SHA256=E3E428BA66EDE3ABE67090F768514D324268261451E0F439DA1EA8BE55906BC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:51.628{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=74CD19D851678CE07B04670E6527D9D9,SHA256=9F052A0751320280E559DCEF1DAEFC1FDC37C2D164E4AD2A985F6E00CF0681CA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.945{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63508-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000082023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:49.945{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63508-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 23542300x800000000000000082042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:52.974{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9D88A0E9C6475F3D02DF3D42F742B06,SHA256=7D59AC789C16624385D02F54A60999B205AB8A0326C888CB57F777EE48D31A70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033809Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:52.165{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=876E32F4E906EA816F710CCD201C7547,SHA256=2FB97E27F856290F6ED886D6C58A341853764D36F5BD8DEBF8F916B1FA731C9A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:52.510{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1500-00000000DB01}1192C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:52.510{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1500-00000000DB01}1192C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:52.509{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1500-00000000DB01}1192C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000082038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:50.267{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63509-false10.0.1.12-8000- 734700x800000000000000082093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.412{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000082092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.411{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000082091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.410{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000082090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.213{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000082089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.213{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000082088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.213{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000082087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.213{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000082086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.213{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000082085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.212{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000082084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.211{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000082083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.191{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000082082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.191{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000082081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.191{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000082080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.191{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000082079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000082078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000082077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000082076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000082075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000082074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000082073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000082072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000082071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000082070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000082069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000082068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000082067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000082066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000082065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000082064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000082063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000082062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000082061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000082060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000082059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000082058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000082057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000082056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000082054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000082052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000082051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000082050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000033810Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:53.243{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17B3557B42011AD0BEBBEB806C06115C,SHA256=A83505EE869DD0B25887677059D90075F011FE2CA2AC8FA5A88DD31BA19F49F2,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000082048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.175{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:53.177{8057F119-31C5-60EC-680A-00000000DB01}10080C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033811Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:54.243{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BC8E482BF79E6ED91F74C8965189F86,SHA256=1B0A0E978C76A893266B764CCE63E360BAA496CF8C5A54D49CDA0E03C04FA4C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:54.311{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=745239B2D93C33C97B8345D4BBC89F5C,SHA256=8EFE8166344BE16A05DA53C317A70794B2132D50775A297AE42A8C9D76E660B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:54.310{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A2193AF77113555D247EDA3341FC54DE,SHA256=5EFB7FA39756684111EBBF7FE25963EE6049E935F95651E11608D1268889C838,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033812Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:55.306{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7193B614CCA96E0B0659FE90A29B071D,SHA256=1BEB427260A58CDFC4E7336413055080D03E577A174AD0B4E72D37B07C91DCC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:55.330{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7721C9EF446BF901FBF2D42519F4889D,SHA256=86E8DDFCEFD2401FC8463D8E77BA96E2C30DBB5F87B767FCE1F437BB3E1B4F05,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033814Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:54.419{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51681-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033813Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:56.353{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A47B5717E25494425E55FBED58C992A,SHA256=B9D6507D9D99E54EAEEEAEE36FF6B5773F36ECC0CEC2DC0CA1A3C263441EBBFE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:56.645{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:56.645{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:56.361{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=237EED64662AE1D904F71FCC0853EBFF,SHA256=7DDE235956782C3ABBCA216106801913E27D29D17221875D834F5933D38C3ACB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033815Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:57.353{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=443854DE1F4C1F84955C6D9982618661,SHA256=1B7F5CDC7D59263D352ABA43FD51ABF8B91BF32C28A88769743F1E4DC130E613,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:57.376{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA72A063F4BE790E5F735F669C3A7D6B,SHA256=E9394890B3C61D51418131DB93FFB62FF0616DC5C7F0F99035B13196B73A32E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033816Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:58.384{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABDB11812EE70A638C77429D981CABBA,SHA256=AA6D99518200F47A2AF832858663078E816919A495366C621F6BAB55F5AAAC67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:58.392{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=430E8DF991DC067B56BCEC54CC588313,SHA256=CD7DFFDFA38460912EDACD7B156BFD09EE04FD6830009632D5CB2D0DEF330018,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:56.248{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63510-false10.0.1.12-8000- 23542300x800000000000000033817Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:12:59.493{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4B47637AA6119D319F058CE3A7E4E1F,SHA256=679F25A804BFCA1D575D4B578600BAAA2EACC37AEDA7309E506CA42DB90C5051,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:12:59.396{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A13A5A6163420F36247573DC02D3C58,SHA256=6BB501C2CE4388ADAB0332F0938314B7D60C55ADC579E9960C028AD0402A9295,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033818Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:00.556{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF22C87740E9BAFA6D2CF416190AE6EC,SHA256=20F370AED9847F4AA0F92D7D7A70E2BB7E99114C0262CE55BCEE13483B9AD61E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:00.409{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFDA6580B3A8DCB05428147E283CD336,SHA256=02A1DC66B6E3A1B60B2F76E77316E203F01C505893578F75360777D3EF9D878F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033819Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:01.603{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BDA31A2D04EB5F467D0C5D9D2C5F329,SHA256=B7F62BC570AA47E3F7E744ADCB2AAFC86DE22907B405E883AB0D38BC62D5B99A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:01.444{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E84A65C0C096C6C1289856597F84025,SHA256=0F90427E9DE303AD4805C5B25881CC49832DA9885C5D793ACDEC3A64B1477333,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033821Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:00.419{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51682-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033820Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:02.681{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A60C4464FE5EE9E182A94B9FC46569BE,SHA256=91B656E156336D2633E4A43E0127F66F83176ACC03D72F2DA4B1273B9D77A2FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:02.474{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4827C9D52A2A5DE46E5B64C38598302F,SHA256=917C4B6306F117D9E2957CEA5E7325B9679F5451948FB1C2BE38D92EEEC0E947,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033823Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:03.900{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC33A063FC573B2BF553789B22B02DB1,SHA256=594171D77E8750696AEF98ABF725C34C387EB48AB7E9E6C72C63624A8D14284E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:03.488{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2A921702D4C8AA0315AC4ECBE32A232,SHA256=9ABE81AAE2221C22C75F8B29D0D3EF7A49EDCF84E8BBFD0DDCEA713E4813A0A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033822Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:03.259{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033825Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:02.591{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51683-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000033824Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:04.915{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E16CF819C04517C35713616FCBB7CE3A,SHA256=9C61D8AED98239AF62B26AB984A618D23E5AB87B76804DB974F48011BBF9987F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:04.510{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FB51B57B6559CDF6DE6A317B9AB69E3,SHA256=939645B366CD2C54D2D23C7968B032F287C664577387A0496926FEF8250A14BB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:02.198{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63511-false10.0.1.12-8000- 23542300x800000000000000082110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:05.544{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0548C35765C9CAD3C9FAEE3D478F223B,SHA256=4C0A3D38F20E4EFF95389529D6014D5A2B63258C1367F2B04FBC99E168A2A02A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:06.575{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD3129034BFE42F8654CBEC4246F822F,SHA256=7E19641CA794F129238697D936D11D18A0C65E9A712FC84B8DDE1FBE571928D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033826Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:06.150{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6D4C66898DAA008B661179F74F939FB,SHA256=D0B40CC84673FDAE9E8F59D858EBDB11FF76813ECEB0F1FA3F908851DD6212D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:07.590{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01DFCAE62962D3F2D2422A1FD45DDD7E,SHA256=E9732BD9A9ED0B1685092D00B3BCA2A815BC7D1D6297E8104D16FD50FBCB6EC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033827Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:07.212{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76338731A189D7F3EB5465D3EEF0E4D2,SHA256=0B15C0CB4DC4731AD5724EE08DAD1AAC15D6C2CAD87E3D196AB87CE88FCBAB41,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:07.412{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000033829Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:08.275{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25EEB780A88C4747F1670D505D5380F0,SHA256=E22A6C4B0960ED5821C3E1E47B6A136D269AFFF3CCE835E819A11EEB0FD17EE6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:08.873{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000082120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:13:08.642{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\2F5B0B75-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_2F5B0B75-0000-0000-0000-100000000000.XML 10341000x800000000000000082119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:08.626{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000082118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:13:08.626{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\A48E1583-94F8-4700-B651-E79BB21ACBC2\Config SourceDWORD (0x00000001) 13241300x800000000000000082117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:13:08.626{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\A48E1583-94F8-4700-B651-E79BB21ACBC2\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_A48E1583-94F8-4700-B651-E79BB21ACBC2.XML 23542300x800000000000000082116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:08.607{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68532560C0D299CF73E792FBD7FC5B15,SHA256=CBD0F091A114A6E89DCB911BA3E4349C55D4B7C9F7A403AF0ADE32A83C69E965,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:08.542{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000082114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:07.366{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63512-false10.0.1.12-8000- 354300x800000000000000033828Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:05.591{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51684-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000082127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:08.747{8057F119-08A1-60EC-0D00-00000000DB01}896C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63513-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local135epmap 354300x800000000000000082126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:08.747{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63513-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local135epmap 23542300x800000000000000082125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:09.674{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=719809264DC4AA8C7A49E676A5BE582D,SHA256=3C0B5231C0099F2507AD14EBCC95143127817251950A8C20DD9C76F5F6AD0243,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:09.674{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5774667DFE4AE924568C23411A50965B,SHA256=DBD77C964366D694DBF1B923FFB5F583F7C47768FADB6AD69A02808A993304B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:09.627{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0B29FAE7ADF9DC60DD3812C59394BBC,SHA256=5BEC51FEC3B6F369E0017D4CAFADC8DE907082A552A2634A3E85BBC64D5EB10B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033830Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:09.275{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A91CBD4B7C359B28A5CFBECAF7939E0E,SHA256=CA05A8DE167EB516CBA1FEEA9E82E4F93493110D926659A921F9BE3D49E3EB57,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:09.227{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:10.774{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:10.627{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D46EDDCEBEE4C0E717A8576E9B4B606,SHA256=11440DF04BF3930869F5A1F3BC2C4B6AC6F42A2E28337C9BEB3220BA77557A42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033831Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:10.306{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF5020C9186680B01364E7FDCCF8E47B,SHA256=8DA5CF9C526F0B826C9ED416EE0B32D33A79A2FA794051C776A3B097B7078FEF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:10.559{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000082131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:08.813{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63515-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000082130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:08.813{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63515-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000082129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:08.791{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63514-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000082128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:08.790{8057F119-08AE-60EC-2A00-00000000DB01}2932C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63514-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 23542300x800000000000000082137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:11.644{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4009B4084AF7FC42B9935D2F04ADBB3C,SHA256=4B7B66992A18BB363E1BE33BEC73E9F66B2CAF31E9AD0B28CF141C651DD62663,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033832Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:11.323{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F6DD9E98D1177901F63BB7F2E359D44,SHA256=4A3408E9BD9CCEC1340B106FD692092CF00A10588342085CB686B0AF87BEDA2F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:11.128{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:11.059{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:12.844{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:12.675{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E21376B8A84BDC2DF8CB0EEACDF0317E,SHA256=386E65E6B0558C9C3A547AFCAF39B5E42DD366E9FC8466694B50B5210BFEF9E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033833Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:12.325{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCF2E1F2E6DD9BAACE7C31140F488E89,SHA256=3D61C0FB0722909F3276461CC11625CCD50332E783CF39EC48D733356F3CE633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:13.675{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0625DFA8B87D88CFAF3A2A25AE281925,SHA256=3997F50B2F10CAED5968DCB6465374418D143D1D48A3FEE4CDEFF0A5251013CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033834Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:13.327{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FACAAD2D83B0736A5474D59EACC06017,SHA256=6D17958E9E32125D101609D649BC3249DC29E112780792CD96BB8EDA0E0CB24B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:14.709{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0EC385D076A4F6DF1B0336AF9E26934,SHA256=DE66A80CF19C5AEFFA6F7031A6840811F575409F3790A276A9D390C634CEFB55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033836Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:14.341{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7227332A000DBD8DFC8BA0CF183534F9,SHA256=BFCE8D0F31A74F51068BB47DCB1BBCF63249D751646713AA19EBCD3AF7A867B9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033835Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:11.578{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51685-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000082147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:15.975{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:15.728{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D2B63F2FC4E4C81EBF66F5D6602B2F4,SHA256=D9EC8D6F0C4D9393DD98729400B2B228D07EF3677314929D62D3E91EBC1DAD7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033837Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:15.341{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBC34D707BACDE9213C5CE15FA87C1F3,SHA256=AFA0D298C68F6C72C8FF24F47751DA7B09E83344005865F0C7E4093998C3619A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:13.284{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63516-false10.0.1.12-8000- 10341000x800000000000000082144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:15.608{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:15.327{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:15.259{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:16.729{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4D694D8AFCA081AB2DF1209F160456E,SHA256=168DB5FFCD991DB9EAAD7A98F477E6D5DBB1A3E040C88CCFEAF0B51F43C97459,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033838Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:16.559{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BA346113EFCDA86F1B8EEC7805FF689,SHA256=CC1B7B844862B781BEA15574F420A765109741998F18A335D974B6725964A92F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:17.743{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E253637B57111AFE7F7517C5443BB3A3,SHA256=161605489C9A08219CEB02E285C25360827FF351D59FB8B468D3D053586DBCE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033839Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:17.575{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25A9E186CD65B27606C9C0C8C8186036,SHA256=D946A5BD03BFEDB02FCC1D969A41FFE1BD0B8218A21B26AC7A75DE4870FD354D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:17.191{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:18.743{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34D74D630619F712A5EC517193856B6E,SHA256=80203DAB0B1E3C406CE504849ACAC7CFCA1AFB4074ABEE948BA55FB3E7BB4CF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033840Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:18.591{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD093B48588592F2918E0FDD93CFCE0F,SHA256=2810A19FC7C92AA1E4974397C16986028BD49EA275BDBBBE74EEC8DC5E00D840,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:19.828{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:19.760{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0056CB26F7D4CF3AD8FFF1B39031C3D0,SHA256=F75437F0CDE488AF5A135D71DCE6AE176D6F532AA2529FBD0978EB41D708BE1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033841Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:19.606{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A497E90BB6AFF3D5175A63758CC247CB,SHA256=FCBF67DB18DAA5945F83DB861FA307C4ABA70744E40AFE3808BF509D687DBCEF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:19.590{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:19.509{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000082160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:20.874{8057F119-29AA-60EC-DB08-00000000DB01}8952C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ush62qqu.default-release\SiteSecurityServiceState.txt2021-07-12 11:43:20.863 23542300x800000000000000082159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:20.874{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ush62qqu.default-release\SiteSecurityServiceState.txtMD5=8098006D187410AE4588789CE33FAA3F,SHA256=1486E038FD3191908625CC8001EFD66DC53A6D28C8EDAB7CC978183C214C01DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:20.790{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB0A51570B445AAA6958A6F749CC15A1,SHA256=260925B4611E4662CA41EC7F0105AA709D2F4021D983583D41DCC9F25331EEB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033843Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:20.622{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=003EF37AFF898A10FC2BEE6B789853DD,SHA256=43DCE123CF01AC5AC85A2AB1F0CB3EA1A59521C539DEABC485236E16F10DF5B2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:19.167{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63517-false10.0.1.12-8000- 10341000x800000000000000082156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:20.228{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000033842Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:17.563{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51686-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000082161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:21.790{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85454705A64616599F3083B9A001DCFF,SHA256=E8F1DE65A0B0AE252016C05099B15C54EB76037D3798988A33C8602C878BEE09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033844Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:21.637{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E00FBF09E92CC96105CC91A9E9596F4,SHA256=6C131CC9CE1626AA23276C75712129D85063F91FB40BE28B7F4ED750F3E6898D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:22.808{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42A91D184FB12D9AE0BE0D97FD16581D,SHA256=8FC27603670D80230FAFD608F9ECF657AB4C77FC618A256DA842292ACEAB5296,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033845Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:22.653{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A98541A0E5F34F93197F0A29A25C015,SHA256=32E64DB95E98E0162F97E16D0600086102635D1E7B33C1C71D3AB9C53AE30C90,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:22.689{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000033861Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.872{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A833DB8BBDFE02F1A0EC4F7272889EE7,SHA256=4ABF31B9788E2542AAC03A717B9DCDE10F331109CBD6986BFA88CD7EA6105A3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:23.826{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B9C38A2A6CBE33823259019F9B6D1B1,SHA256=0C7AE3C43D384E9B35F28E6A971A67F92DFE0DAE3F6FEB511BD84437CB9FB743,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:23.142{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:23.073{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=F540E891A46451BDD2FA3B055B0B3740,SHA256=A405B6DF49C8E6A72D9B47E2958533D0533B9C932C210B83355A4F76BD8A637C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033860Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.669{50946567-31E3-60EC-6E05-00000000DC01}31321228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033859Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31E3-60EC-6E05-00000000DC01}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033858Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033857Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033856Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033855Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033854Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033853Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-31E3-60EC-6E05-00000000DC01}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033852Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033851Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033850Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033849Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033848Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31E3-60EC-6E05-00000000DC01}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033847Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.482{50946567-31E3-60EC-6E05-00000000DC01}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033846Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.481{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=F6CBA0F90C6FB06076A6BD36C6C0C20C,SHA256=293968023085EA8CEED9998283CE29FDC8020D8D39350BC93BA3DF103C2B5313,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:24.841{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=916315436375C5E84A78E4B82CBF3B79,SHA256=280047F9675D52AC35FF5961639F08A9DB6CE3DEF34F2416F97662CFBD8E12C0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033890Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.794{50946567-31E4-60EC-7005-00000000DC01}30123724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033889Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.653{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31E4-60EC-7005-00000000DC01}3012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033888Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.653{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033887Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.653{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033886Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.653{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033885Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.653{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033884Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.653{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033883Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.653{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033882Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.653{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033881Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.653{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033880Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.653{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033879Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.653{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-31E4-60EC-7005-00000000DC01}3012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033878Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.653{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31E4-60EC-7005-00000000DC01}3012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033877Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.654{50946567-31E4-60EC-7005-00000000DC01}3012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033876Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.497{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3405BEBFA6B2B982593FF5808F569771,SHA256=7629215FA1831AB6E5403783824675FD17BD54040C5F2081019B9B3501AFA29B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033875Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.497{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C7702F3B7EA85FD33416D30D449AC98D,SHA256=80C381DDE6E61605EBAADEE6CB4D0CBAFE7102BDD2C2619533401F448F6E219C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033874Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.153{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31E4-60EC-6F05-00000000DC01}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033873Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.153{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033872Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.153{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033871Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.153{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033870Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.153{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033869Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.153{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033868Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.153{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033867Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.153{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033866Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.153{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033865Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.153{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033864Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.153{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-31E4-60EC-6F05-00000000DC01}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033863Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.153{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31E4-60EC-6F05-00000000DC01}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033862Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:24.154{50946567-31E4-60EC-6F05-00000000DC01}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:25.847{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=090367C353830A207F67DE8ED61B2431,SHA256=8C15024672BCAF5073A78729A459548BEF15FEC6BF0ED6018A11F68FAD192439,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033920Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.809{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31E5-60EC-7205-00000000DC01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033919Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.809{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033918Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.809{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033917Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.809{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033916Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.809{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033915Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.809{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033914Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.809{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033913Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.809{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033912Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.809{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033911Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.809{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033910Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.809{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-31E5-60EC-7205-00000000DC01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033909Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.809{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31E5-60EC-7205-00000000DC01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033908Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.810{50946567-31E5-60EC-7205-00000000DC01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033907Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.684{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3405BEBFA6B2B982593FF5808F569771,SHA256=7629215FA1831AB6E5403783824675FD17BD54040C5F2081019B9B3501AFA29B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033906Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:23.485{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51687-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000033905Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.309{50946567-31E5-60EC-7105-00000000DC01}2516352C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033904Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31E5-60EC-7105-00000000DC01}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033903Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033902Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033901Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033900Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033899Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033898Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033897Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033896Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033895Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033894Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-31E5-60EC-7105-00000000DC01}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033893Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31E5-60EC-7105-00000000DC01}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033892Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.186{50946567-31E5-60EC-7105-00000000DC01}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033891Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:25.184{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC30E7B804251443C3ACF584A6C2120F,SHA256=9D9BB4F35C2B7DD0C921A45186A6CC0AB17A3530157367454E1ED1E910EC61D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:25.487{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\fishbucket\splunk_private_db\snapshot.old\snap.datMD5=B0D3A3D37E268D3127A3E021A9755B4B,SHA256=EBF5371C0160B3B2C7B485746FC6B23479B104CCB61B648338348C72A4988CDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:25.487{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\fishbucket\splunk_private_db\snapshot.old\btree_records.datMD5=403B487EE476B6FC73BEBF8617A8B4D2,SHA256=F3BD36B7AE1E802E226B601E6F8634C8B455496CD73F565DFFDBC987DD7E37DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:25.487{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\fishbucket\splunk_private_db\snapshot.old\btree_index.datMD5=C241305B9E96DF1CE28FDECD2DDCEAEC,SHA256=0DDB640CBFB58E27BCA5E9BF20A3DFB02C8F56A287CF8E29E3DA70CE48BBAA5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:25.287{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:25.196{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63518-false10.0.1.12-8000- 23542300x800000000000000082187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.847{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F5D322C4671EF5EBB5B2DBD8BE9E79A,SHA256=14EE36D2CBAE43FE0AB9159C5C1A4FA8B3EE8DF00AD316D5A754F6D011ED14A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033922Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:26.981{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F6C8F04A79EBDDE2F9468A1EAACF69B9,SHA256=85925B2FF1938E9FD25DF279D4E890110C104411637FCDC88BBF1DC16D2950D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033921Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:26.434{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A299FD91C159A31A993C6A168C81A1EA,SHA256=C7ED4CF8F8D8C9B7511B1E495694BFE4170242CE292ECC6F11F4A48DF984B827,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.078{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=91914AA60F46D2793C70C184A9D3FD5C,SHA256=EF7CF769330A2F4B9AFC4FFC5F5C695BA86AF5B210BE3B4B41A492FE4F0F6648,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.063{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=802235D68362CECF1090CF893555B9ED,SHA256=A2CC9D4481D9B62D1BD842E29FC59AAF3C70786DF661FF9D2B666A0D6F260F98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.063{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=121DDF9EDB58C0B290A76B00E2181F7D,SHA256=E13C2731823964623B756173E49BCB0B28F787222B83F54CAA192A8E8CF111F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.063{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=4B321C21AD9AA2AA681924376FC91A0C,SHA256=18ECD9479DFFB4699D368FB8B9A929804DE23CF1372FDD7CA6B1F82CA0BF3300,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.063{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=960BD79556C87E1BAAFE30C0DEEC54C2,SHA256=70390B912251E64618176257DE6B89ABF484E54C4FA8F3FF76240B010816B1E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.063{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=CBEEA9988521B72091DB8A16AD165079,SHA256=35FBE6727D153C0D9A255A4723C94B269FDBBD3FD43F1B0539DD9DB42F8246A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.063{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=967BE3F0DE58F226464553B29815454A,SHA256=7769BAB09B390EAE5E64C3F113AC48B3A14726E06AF9B4D56011183854848EBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.063{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7BC8FBC71C869B61D6ED152DB6DFCBDD,SHA256=238AD860BE0CABF301B5351FD11E1A330BC5B16D3EC7B9DCE095122B64753258,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.063{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=70758AEBF623E82AB9637E877F7D326E,SHA256=5158EF74A7076CFE75F4895EA8C923C95319844C73CF117C093731B93BE02FDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.063{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=02A2A2592CA8D5B52E0E90C6E0B3699E,SHA256=9BBDA12A0A5A934BAF266C6D9898D3117DF4516D807B9983924E2D9E993F9EF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.063{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=35E7D8F518F2BF63325501522EC070B3,SHA256=3DDA766B3C2C3DC6F70BD8D7468032F3B8C84AD7B6AD281586FB82484D07F3AD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.010{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.010{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:26.010{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-307C-60EC-300A-00000000DB01}4476C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:27.994{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000082191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:25.411{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63519-false10.0.1.12-8089- 10341000x800000000000000082190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:27.914{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:27.863{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E993F69A206BCED52D205AC3BC21D18,SHA256=E286D2B7D2A861DD22D10F5317DC8660FD7F5038EE374FF4122BA974DBD8396D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033923Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:27.466{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=838D465F17D29B7C0F9CD6DE2E000C41,SHA256=DFE04516E8392D614F774704817BB6A8E89869703F1A2AC5230EDA39CDDCF5B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:28.865{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7963874F34E0976757ECC47E4898E02,SHA256=B3242CCA4D73FD0A13168A6708CDB6A3F9ACFD58056E31105BFE444E2033E9F1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000033951Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.966{50946567-31E8-60EC-7405-00000000DC01}23444036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033950Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.778{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31E8-60EC-7405-00000000DC01}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033949Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.778{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033948Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.778{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033947Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.778{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033946Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.778{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033945Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.778{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033944Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.778{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033943Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.778{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033942Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.778{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033941Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.778{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033940Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.778{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-31E8-60EC-7405-00000000DC01}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033939Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.778{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31E8-60EC-7405-00000000DC01}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033938Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.781{50946567-31E8-60EC-7405-00000000DC01}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000033937Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.528{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEC960B499AB63773EFD806EDE387044,SHA256=9DE51EF9265C6318B5439585B8A3E39F04B1E3F47490094E86C04A98F2AAF55B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:28.580{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:28.232{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033936Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.278{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-31E8-60EC-7305-00000000DC01}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033935Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.278{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033934Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.278{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033933Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.278{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033932Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.278{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033931Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.278{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033930Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.278{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033929Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.278{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033928Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.278{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033927Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.278{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000033926Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.278{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-31E8-60EC-7305-00000000DC01}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000033925Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.278{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-31E8-60EC-7305-00000000DC01}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000033924Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:28.279{50946567-31E8-60EC-7305-00000000DC01}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:29.915{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96F53D9BD6DEE33E55CC051683E01DFB,SHA256=4D56149B00886E2A3DDD75196160AA3004E4D08035DEDD4D4CF3170C9BF0A8EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033953Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:29.653{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F49DD779C962A3642142ED8872ABD6AB,SHA256=2A4C276EC5591246ED6FAAAFD48F76789F70B4DD84388C6EB0AABC3F1A348C59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033952Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:29.325{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7EDA4BA21FF1F7373ED7F120CE13BB28,SHA256=1A971F5E63E547611B41E7CFAAB627AB48E51BCDC9D114B777E9EE3F0C656CEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:30.934{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD58C9A33442249618C25C522F681E6D,SHA256=B3361FC4B9DC72CC57968007B61F0514CC9AF804361AE6230E219E4CE555D918,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033954Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:30.684{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4AC3BE02B183B79BDB4B3507E5F2706,SHA256=9D38862917FDBF30CF031D01AE13448FCE4A8EEA4D8EF06081F4F8A33FCE6087,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:31.935{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E273B986854174FFB0B217EB1B69EA31,SHA256=C0538326FF8AA0B9BAE66FBA3575A6638B3BDFFD304FD17F8183A8673EF4790B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033955Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:31.716{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0154CD04B99FE082FD2FCE603B071292,SHA256=D31F3CEF829547459AA653D3644FC6037729E3B9AEE55A7F2BD93C82D163DBFB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:30.252{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63520-false10.0.1.12-8000- 23542300x800000000000000082200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:32.965{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D3ECEB4CA1ADB0FB3025FC1B174F11C,SHA256=4CDFC067067DA3A54226BB482FD4F87496446F148D00CE7986CA9B44F70ADDF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033957Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:32.747{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C2283ECA9B940C24E533CDF672C4B8D,SHA256=D9166B97E5ACF50AF7ED5C2EE1DEB4824D12B47B226C7FA5D39B28158B624B4D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033956Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:29.469{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51688-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000082202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:33.966{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9FE7AC4EA9167AB98F35DCD184B45C9,SHA256=370810B7282BBFA354E7A79BC41639E1623009A711A34973EBE50C288CC534E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033958Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:33.762{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DA8CCD4D0A079A55780AB2E2A14BDEF,SHA256=1323DDEE2431722FD86F36A3EA3040EFC7D24A925CD9E445408148980C54C38A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:33.566{8057F119-29AA-60EC-DB08-00000000DB01}8952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ush62qqu.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=9CAD0FA0ABD62F5807C6D1934D437958,SHA256=F9CB62CFFB5C72F4ADD36DD37CD9AEB7525A6200C16B179379F4BFF92C8ED6E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:34.968{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7372E0CE7BCC548C8AB21A29B7FD0C4,SHA256=A24AA3CEA8721752AD16516F1144BAB33796F5CACDD23F5548DDFB6D95CBD153,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033959Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:34.798{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB78978EC1782BF5A6C99140A8F12FFF,SHA256=7B75965548084E4270D2CDBB4641579E27FA31DB29B57D35EDF138F3EF1A126F,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:34.668{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\tokenbinding.dll10.0.14393.2363 (rs1_release.180625-1741)Token Binding ProtocolMicrosoft® Windows® Operating SystemMicrosoft Corporationtokenbinding.dllMD5=8AD65F608FD6964085B365A43F8DBEA4,SHA256=E088353C88877763D4E5BB6EB7FB55C81908DF639A9AF89EECA546FD9EDB18DE,IMPHASH=EDBDD2E193CED10C0D380B250BFC13C5trueMicrosoft WindowsValid 734700x800000000000000082206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:34.668{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\TokenBroker.dll10.0.14393.4169 (rs1_release.210107-1130)Token BrokerMicrosoft® Windows® Operating SystemMicrosoft CorporationTokenBroker.dllMD5=9ECF3BE652A6FF4B5C4744697FDDABA2,SHA256=00DF6190CBF64C8840C1B9068A844D4A6584E6D82C8C6FD78CFDB10184F815C7,IMPHASH=F91C8ACC62DFD3D725FAC2A0CBB6AA8FtrueMicrosoft WindowsValid 10341000x800000000000000082205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:34.683{8057F119-21BD-60EC-4307-00000000DB01}25567160C:\Windows\System32\RuntimeBroker.exe{8057F119-21BD-60EC-4507-00000000DB01}5968C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\TokenBroker.dll+1158a|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61efc|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000082204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:34.683{8057F119-21BD-60EC-4307-00000000DB01}25567160C:\Windows\System32\RuntimeBroker.exe{8057F119-21BD-60EC-4507-00000000DB01}5968C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\TokenBroker.dll+22ee6|C:\Windows\System32\TokenBroker.dll+114b3|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61efc|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 734700x800000000000000082203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:34.683{8057F119-21BD-60EC-4307-00000000DB01}2556C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\OneCoreCommonProxyStub.dll10.0.14393.2395 (rs1_release_inmarket.180714-1932)OneCore Common Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationOneCoreCommonProxyStub.dllMD5=02CEC1566FB0709923FF7A9FEC254D96,SHA256=81BED60AEB79C489E9F79996A3F0AB626E6CA247EBB656B6B9897C47A39F6AFB,IMPHASH=69A8B7E9F373278F52FE45A83CE3A380trueMicrosoft WindowsValid 23542300x800000000000000082210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:35.983{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BF04E54EC3CBD57328DE02F4F488669,SHA256=2B4DE3135135A8BED606CCEF903DCDF96C90A4C7C8AB1123D679B524B28B857E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033960Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:35.861{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61B4C1D84ED1E10696FDB66B045E9D9B,SHA256=2E5AB2DF6928442715807B7347859E5DE60739346C95AAD674E2F74DCF0C6EF6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:35.867{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:36.984{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB0AD4DD8F483B6009F8E09D6E7AEDD5,SHA256=FD384182CBBE6DDC96485DAA0EFDB604E523839EFC44BE6E20EA6C99BB134D75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033962Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:36.908{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFE9BD8EBE3627108246BC6F77E2BFF0,SHA256=6A3574DABD0A107C78C0DA64ED8090F36F273A12B3C4EFC3EA092614781DC5B7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:36.837{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:36.699{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:36.452{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:36.368{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000033961Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:34.520{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51689-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033963Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:37.970{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AE44899B4D618CDA9AD93D394243BC4,SHA256=81E317871924C571FE65223D14BA98403261B274AE132279C068AD5596D16908,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:36.238{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63521-false10.0.1.12-8000- 23542300x800000000000000033964Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:38.986{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9AF8577C16A2993BDFDC6E3591DE75F,SHA256=15A344B0388ED9E34809F0C24631A7A85E4012988E17E755B4018BE312020796,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:38.137{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-0C00-00000000DB01}840C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:37.999{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38E915EE982998DE2A57CA19FD3B08CC,SHA256=123D7793F0415BECEEDDD30ABCAA6E1AD2D3EE913E8E919C0359B1939FCA596A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:39.002{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D84D35E53EAE1FD01F959D3A4AAFD9B,SHA256=2F1A7088C423BE50D22F59D0A3587FA77B290AD92959D264777C3B10A5788CD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033965Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:40.002{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B1E341488A4F2480777F0C8548BF3A7,SHA256=9C9131F68AF19618C499EAC882C5EFE2F5DBD4E49CB7CD53D8DEE704A7BD94F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:40.020{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=577842FCCEAB80EAB1FD90CC3A8E2231,SHA256=F2C83D5D9C336BA2144AA2418C598CC10591D84401413877304A852F6104580C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:40.001{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:41.900{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:41.853{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:41.784{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:41.753{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:41.585{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:41.538{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:41.538{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:41.538{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:41.454{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:41.454{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:41.454{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:41.038{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53316D85125085B63A5C4CC002759D8F,SHA256=BD6F5A2E4B763A36884D0AC7F2E5F5E8A6073AFA53CC7D1A0EC59810B9CBF780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033966Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:41.236{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=980B23E4A1C240A74FA8291EED539F63,SHA256=0C65334591F855AA378FB9A1F1294382DBF6D59509089BBF4FB06CFA47EA0804,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033968Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:40.380{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51690-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033967Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:42.267{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E988748768D5C95C5618F254373B5709,SHA256=5BCC9ABF22512CBAD757B3427414B4975B3962737332520E836F1B0D9C04EE61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:42.053{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A0B38C68D42B62C6C9B270AC13C3570,SHA256=56FDE6B74B60EDD3FE3F743AA67A54D85DBD4C0C5319949E2E28D975A660EA4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033969Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:43.298{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B25C5972D9DF48A6CEAC05CD965BFA1,SHA256=8D6E6B32AF0B28729164E7AD43AF642D5B49541DC20E1C2E753FD792A7F17CE6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:43.752{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:43.067{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FD4219DB973285224127CCFACE365CD,SHA256=6D83D4DBDB7780CE50B8316B2343CC0C6FAA823BB5D9EDF7B51A18322CAEE722,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033970Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:44.423{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F01F8F68E9798F027F01675CEE28123,SHA256=DB6EE2C2AFA76F1F8A629FCF795D6A83296C9A584F1A48E0768F3E10B9B9D921,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:44.082{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EC0E37DE0A29EBBCF254FC3FEED43CB,SHA256=AB9231AC83E20A801493EE66E0B39D2A61025BD46E14567B8CF168FCBB84B76C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:42.193{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63522-false10.0.1.12-8000- 23542300x800000000000000033971Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:45.658{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1D9BAE7A0F0E92729B8EE9EA5A53316,SHA256=06B1A4C99E0A1365CF955D5997B0D167E60F2A42DE44B3A44BED73C2034E0314,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:45.983{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:45.917{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:45.098{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F66B8138D6FC63971575D557F2BC016A,SHA256=72368F854F48867E5C33968A1C7E85305493B282C39F9A4D0C73053DE8521EB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033972Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:46.689{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED57D522BAEDC1C6FD5BEF3149C654E5,SHA256=ECD1E1381EA85E1646CECC4A5C1B3E4CECC8F965F9A1552A9D9C08F0A5325D06,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.928{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000082346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.928{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000082345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.928{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000082344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.928{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000082343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.928{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000082342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.928{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000082341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.928{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000082340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.928{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000082339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.927{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000082338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000082337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000082336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000082335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000082334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000082333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000082332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000082331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000082330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000082329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000082328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000082327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000082326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000082325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000082324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000082323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000082322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000082321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000082320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000082319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000082318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000082317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000082316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000082315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000082314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000082313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000082311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000082309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000082308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000082307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000082304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.907{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.908{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000082299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.607{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.544{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000082297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.544{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000082296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.544{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000082295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.264{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000082294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.263{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000082293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.263{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000082292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.262{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000082291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.260{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000082290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.259{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000082289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.259{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000082288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.259{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000082287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.250{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000082286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.249{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000082285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.249{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000082284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.249{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000082283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.247{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000082282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.247{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000082281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.247{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000082280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.246{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000082279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.246{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000082278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.244{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000082277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.244{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000082276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.244{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000082275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.241{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000082274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.240{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.240{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000082272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.239{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000082271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.239{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000082270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.237{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000082269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.237{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 10341000x800000000000000082268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.235{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.233{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000082266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.233{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000082265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.232{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000082264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.231{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000082263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.231{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000082262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.231{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000082261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.231{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000082260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.231{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000082259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.230{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000082258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.229{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000082257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.228{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000082256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.228{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000082255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.228{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000082254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.227{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.226{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000082252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.226{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000082251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.225{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.225{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000082249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.225{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.225{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000082247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.225{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.225{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.225{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.224{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.015{8057F119-31FA-60EC-690A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:46.117{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76FDAC2994655ECE4A29CF79D009855F,SHA256=E0C4896CE8601CF926A711B01F62F4816412B09D0922AF59944B75A93B3A3AE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033973Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:47.720{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B86D8F2843BA2FF9DBE5908D1937DD77,SHA256=8DCE518FC43C344BF4C0B2A8C99FA2E60F3829C43A8D3371F9457C60F4125E13,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082406Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.965{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000082405Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.965{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082404Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.965{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000082403Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.965{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000082402Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.767{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000082401Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.767{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000082400Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.767{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000082399Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.750{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000082398Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.750{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000082397Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.750{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000082396Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.750{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000082395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.750{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000082394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.750{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000082393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.750{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000082392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.749{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000082391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.749{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000082390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.749{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000082389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.748{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000082388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.748{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000082387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.748{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.747{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000082385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.747{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000082384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.747{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000082383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.747{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000082382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.744{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000082381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.744{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000082380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.744{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000082379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.744{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000082378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.744{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000082377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.743{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000082376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.743{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000082375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.743{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000082374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.743{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000082373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.743{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000082372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.743{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000082371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.742{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000082370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.742{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000082369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.742{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000082368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.742{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000082367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.742{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000082366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.741{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.740{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000082364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.737{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000082363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.736{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.736{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000082361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.734{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.733{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.733{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.733{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.732{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.732{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.576{8057F119-31FB-60EC-6B0A-00000000DB01}9400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.144{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CA1C40D234F0E8A6BC4A304DCD2876B,SHA256=09ECCB56CF6A9CE01A3A93AB3FA457AD6729841542D0C9699C19B8F5E807274C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.128{8057F119-31FA-60EC-6A0A-00000000DB01}53889656C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.128{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000082351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.128{8057F119-31FA-60EC-6A0A-00000000DB01}5388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000082350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.044{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=58CF9B3AABFB18038453482C08871AB7,SHA256=965D12251EE94A1364ECBF0061B1B375C0FC95B06282C7289D842C7C346AF044,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.044{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=719809264DC4AA8C7A49E676A5BE582D,SHA256=3C0B5231C0099F2507AD14EBCC95143127817251950A8C20DD9C76F5F6AD0243,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.044{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F218A68CE2489C5AD1A570E49A64464,SHA256=7C615CF92FD5993618B62E66552817FED9B5BA1AA5B961F89CC307601659CBD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033975Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:48.939{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EB069378B1E13854E868F46715CEBAE,SHA256=A521A1163D502585F4DAC6CD5D1EE2885AEE81D1509C48DFA6310EDB212E8505,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082409Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:47.217{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63523-false10.0.1.12-8000- 23542300x800000000000000082408Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:48.598{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=58CF9B3AABFB18038453482C08871AB7,SHA256=965D12251EE94A1364ECBF0061B1B375C0FC95B06282C7289D842C7C346AF044,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082407Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:48.466{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41155DA2D6372EFDC1AD139CE31B42D2,SHA256=928B7E1B689540674CDFC57850BC13591D3333E71D6B8235BEC0DE7007F70D82,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033974Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:45.395{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51691-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000082464Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.883{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082463Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.704{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000082462Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.704{8057F119-31FD-60EC-6C0A-00000000DB01}101409880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082461Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.704{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000082460Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.703{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x800000000000000082459Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.647{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082458Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.557{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082457Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.493{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE7417B9D5D305EA3A00D1839385D7B8,SHA256=572417FB7E099B9189BCE05539460F6A60A86292CF39BF0D523CB0E21AEFFD6D,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082456Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.476{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000082455Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.475{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000082454Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.474{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000082453Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.473{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000082452Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.471{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000082451Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.471{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000082450Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.470{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000082449Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.470{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000082448Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.463{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000082447Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.462{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000082446Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.462{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000082445Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.462{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000082444Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.462{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000082443Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.461{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000082442Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.459{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000082441Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.459{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000082440Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.459{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000082439Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.458{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000082438Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.458{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082437Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.458{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000082436Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.458{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000082435Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.458{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000082434Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.458{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000082433Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.455{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000082432Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.455{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000082431Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.455{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000082430Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.455{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000082429Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.455{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000082428Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.454{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000082427Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.454{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000082426Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.454{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000082425Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.454{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000082424Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.454{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000082423Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.454{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000082422Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.454{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000082421Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.453{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082420Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.452{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000082419Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.452{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000082418Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.451{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082417Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.451{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000082416Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.451{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082415Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.451{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082414Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.450{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082413Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.450{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082412Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.450{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082411Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.450{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082410Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.267{8057F119-31FD-60EC-6C0A-00000000DB01}10140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000082521Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.684{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082520Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.536{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000082519Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.536{8057F119-31FE-60EC-6D0A-00000000DB01}70287372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082518Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.521{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000082517Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.521{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000082516Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.483{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B024433D54A744C583EF653DEEA27960,SHA256=CAA068533DF4D9FD5C3236F284E0FBB08A5A02BCE0D81FEA127CE2DE4F874FED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033976Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:50.033{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A951A8822C643112F468D64EF6AD755,SHA256=250465516C9CF16E292149D698B0B210574C7976DD847D2958DEEDC7F9FF1F24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082515Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.383{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7AA8CE33C5934D7C031698F9A5953B4,SHA256=C1744E13D0D31C42FF302BDCE3FACE47D6F68298DCCA79185D588A3454174BF3,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082514Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.336{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000082513Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.336{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000082512Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000082511Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000082510Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000082509Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000082508Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000082507Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000082506Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000082505Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000082504Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000082503Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000082502Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000082501Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000082500Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000082499Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000082498Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082497Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000082496Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000082495Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000082494Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000082493Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000082492Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000082491Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000082490Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000082489Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000082488Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000082487Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000082486Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000082485Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.321{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000082484Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.320{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000082483Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.320{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000082482Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.320{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000082481Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.320{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000082480Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.320{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000082479Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.320{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000082478Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.319{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082477Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.318{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000082476Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.318{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000082475Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.317{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000082474Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.317{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082473Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.317{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000082472Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.316{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082471Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.316{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082470Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.316{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082469Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.316{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082468Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.315{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082467Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.153{8057F119-31FE-60EC-6D0A-00000000DB01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000082466Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.283{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082465Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:50.268{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B61C891717A0C6AB2A5494C91B41B326,SHA256=646744C97156CFFE9F02C94C56143D19D57E5115CE2B7FB90DAB0755E429A300,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082576Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.652{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDD23417C103233EE6E96CFE3F48993A,SHA256=D370C908150446B306AE38E61F304D8323BB6C544E519DBC7106E2BF1F82C864,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033977Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:51.048{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4EE0CDAFAFD26EC0210617535B2D7B1,SHA256=2A0EC02E81FCA53007CE21F8BB4E25B5C103825AB47B843DA940248ABDD73E3A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082575Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.252{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000082574Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.252{8057F119-31FF-60EC-6E0A-00000000DB01}93126484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082573Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.252{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000082572Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.252{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x800000000000000082571Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.084{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082570Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.037{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000082569Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.037{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000082568Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.037{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 354300x800000000000000082567Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.954{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63524-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 734700x800000000000000082566Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 354300x800000000000000082565Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:49.954{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63524-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 734700x800000000000000082564Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000082563Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000082562Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000082561Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000082560Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000082559Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000082558Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000082557Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000082556Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000082555Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000082554Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000082553Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000082552Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000082551Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082550Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000082549Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000082548Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000082547Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000082546Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000082545Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000082544Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000082543Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000082542Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000082541Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000082540Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000082539Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000082538Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000082537Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000082536Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000082535Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000082534Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000082533Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082532Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000082531Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.021{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000082530Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.020{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082529Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.020{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000082528Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.020{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082527Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.020{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082526Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.019{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082525Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.019{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082524Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.019{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082523Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.019{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082522Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:51.017{8057F119-31FF-60EC-6E0A-00000000DB01}9312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082579Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:52.667{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EC00F7FC0205312EF08D986CBB31156,SHA256=CE99724187B7B840E456BE852B31F9923044C965F1BF19EC222D486DC106A3F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033978Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:52.064{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFC3388EC89593CF015E73FA6953953C,SHA256=A43C9B982EE72803B157F760BFE7FEA496AF0DFFAF2654D63B66967BBEEB9C3C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082578Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:52.516{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082577Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:52.036{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A97E75CD70853AE20E47F00CB04AC814,SHA256=9106DC89E8A65A80708F5D24A49AC59E6BDE7C64DEB9D94C5EF8ED71085E78BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033979Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:53.080{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA66D73CABD17AB14AB6C022F02C2A67,SHA256=135618D44DEF4242C59E5C9205E11AA7F763ADCE83A1D0F47F883AF67B848A33,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082630Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.597{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000082629Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.597{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000082628Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.597{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000082627Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.335{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000082626Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.335{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000082625Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.335{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000082624Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.335{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000082623Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.335{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000082622Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.335{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000082621Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.335{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000082620Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000082619Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000082618Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000082617Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000082616Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000082615Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000082614Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000082613Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000082612Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000082611Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000082610Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000082609Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000082608Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000082607Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000082606Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000082605Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000082604Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000082603Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000082602Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000082601Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000082600Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000082599Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000082598Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000082597Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000082596Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000082595Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000082594Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000082593Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.319{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082592Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.318{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000082591Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.318{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082590Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.317{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000082589Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.316{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000082588Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.316{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082587Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.315{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000082586Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.315{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082585Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.315{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082584Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.315{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082583Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.314{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082582Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.314{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082581Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.314{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082580Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.183{8057F119-3201-60EC-6F0A-00000000DB01}10216C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000033981Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:51.411{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51692-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033980Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:54.094{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=981EFAEB81FB581A99842F52C2C24FD6,SHA256=E7CBBEE6A77269B5DB16F0E9DE61C25C84D9DFD95F607D0010AE7E05C27986D1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082637Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:54.682{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082636Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:54.435{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082635Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:54.182{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7F34431AC980C75285A8F37D1FFE9904,SHA256=324A1C0081EC081E2D24FB9121357D2B72C0A88CA4E3C97EAA3B1AC6EAAE6108,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082634Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:54.151{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082633Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:54.151{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082632Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:54.119{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082631Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:54.082{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81A1D7F295971763B1C555CAE53F1BD7,SHA256=A4EAC692283626E099C74958ED49AADF3E978CF6AE02A2D8AAEBBA876DAF88F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033982Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:55.110{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5654A8BCCD037EEE9318DCD023E2F334,SHA256=963D0836D1ADF9CF5BD77ADB914C26035CC8685E15B002C9CF084827500716AF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082639Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:53.222{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63525-false10.0.1.12-8000- 23542300x800000000000000082638Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:55.135{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DFD2FD43B15886C02D7360B8DCB16DA,SHA256=B422FB8A2A6A8560836138EA1228E2DDC3AE3295F886468CD8319126D1C716E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082640Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:56.150{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=744AF4EE436AB8B9BCB3B152A0A1144A,SHA256=6A0E0ADDF7FFC4766D6DFDF4632DFBB38D98F674A632668F4E50D982F6933B8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033983Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:56.126{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=454797BAC846AD8CFD2EC840771DA378,SHA256=3D2C7C62AF29F4B33F9D0E02B0F5AB98E66929A849C6ADAEFD9DE12A488C990B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082641Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:57.197{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9E43CB1A2145D89B09A194A3CF824FC,SHA256=EB1947B41BB65B772D0D0E174144E91709E1D4B399E5C86E2F0AB4CBCFA0FDF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033984Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:57.141{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AEB76B88A02E7E38D0FAD5A2EBC76B1,SHA256=8359F316765521FC26AB01C5122EF9E02B5EFB3DCAC14F7D4ABE478C59B488C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033985Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:58.157{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D60CE2A0E4C308FD013DAA69981427D3,SHA256=A2F6DE7EBA3D45FB7DA460ED9A31A04AFF53884D021E9BE7D914743F1D8239B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082642Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:58.217{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73D6F69C3FA6C2EE5879D550D1F8CF2A,SHA256=71FED835097BFAAF7E98E4316900761B4341CE91D54B6D176C17197B4F7ADE26,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033987Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:57.394{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51693-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033986Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:13:59.157{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C8603B32F00FA45D1D9816599A4E645,SHA256=C80E61756F76F4C13798A93114A79395187DC19ACEA11D40B0825CBED3C1DC6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082643Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:59.241{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84CE9CB7EE52BC56A52D85DC06268A38,SHA256=E40EB695E10E34390C91F0E408530F3CADFF171DA97BCEA3E2BE2E28C81F5149,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082644Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:00.241{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=159617453D74CDC319BB2EADFDABAB72,SHA256=5800972790C09CBCC795C2EE6428F20AE631FAF60372D0CFBFC42D92050CF893,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033988Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:00.172{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BAA7AC94E61E1BB77090DED818C26F0,SHA256=6B488AC9067135EDFFE8A88E69321BF0197A8CACC671471E76EC8C0B51A334D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082646Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:01.256{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C165B4F13104E9EC9602ADBD04B539D0,SHA256=1596BC3DF777499B7FE62CA6F0D0CE7831C279EE5A0F44E32660ECEEBC9883B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033989Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:01.173{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5E6D641ED729A8128D1F7C0FE5F57D2,SHA256=53ABB4783A239876525E715DFAA2D66D7BE85D93CFA79F5105D0AC736E4A7D28,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082645Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:13:59.244{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63526-false10.0.1.12-8000- 23542300x800000000000000033990Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:02.188{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60FBCC190D1891052A57DC3C4EC37827,SHA256=049776324E65854FAD16985B3E43A78109E0156D8B56BA038A8456AEF1BDBB54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082647Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:02.262{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1EAE91201F2A6D2D2277ACA43B53696F,SHA256=F8C3C13E18DF96784E19077313038B34A6203495EB30E8D2C8E234095582A91F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033992Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:03.282{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033991Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:03.204{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A216FD1AB07FB8DD22C1DC9FC08B0487,SHA256=3319675DF9EC0860AF62287989CF61EDD5B3266D4A124833D11BEDCA086B4E19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082721Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.331{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1FE70E6F56E60B478DD6F9C7E59E638,SHA256=150C6010266A842034AB1B3B74B08F290D494D208CBBC294C7A3D0D80E09A2C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082720Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.330{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=706F615AD08E14CD7A6DAFACA5B44876,SHA256=B02A471C9D3FF4C6160C58BD964CACD9F7A964AE7465D43A57251E83910E06C1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082719Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082718Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082717Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082716Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082715Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082714Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082713Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082712Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082711Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082710Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082709Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082708Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082707Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082706Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082705Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082704Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082703Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082702Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082701Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082700Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082699Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082698Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082697Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082696Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082695Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082694Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082693Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082692Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082691Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082690Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082689Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082688Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082687Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082686Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082685Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082684Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082683Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082682Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082681Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082680Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082679Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082678Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082677Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082676Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082675Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082674Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082673Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082672Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1973-60EC-0206-00000000DB01}1608C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082671Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082670Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082669Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-1980-60EC-1106-00000000DB01}2848C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082668Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082667Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082666Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082665Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082664Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082663Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082662Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082661Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-197E-60EC-1006-00000000DB01}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082660Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082659Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082658Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C2-60EC-5907-00000000DB01}500C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082657Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082656Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082655Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082654Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082653Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082652Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082651Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082650Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082649Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082648Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:03.147{8057F119-08A1-60EC-0D00-00000000DB01}896916C:\Windows\system32\svchost.exe{8057F119-21C1-60EC-5807-00000000DB01}4480C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082723Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:04.345{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C8A074525D9A417540721D327B53B10,SHA256=9B7A1915755FD9038C9A85E2217A94CE803DC629250D14CB2DC3154B252A5DD6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000033995Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:02.613{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51695-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000033994Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:02.457{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51694-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000033993Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:04.219{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=577992EFB2294A1E37BC0423F36824D7,SHA256=0D313D3670F07C231AFE01E764B09668255C45F9511E68E4FB284A31A15A4522,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082722Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:04.245{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082743Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.891{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082742Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.625{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082741Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.576{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082740Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.576{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082739Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.576{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082738Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.507{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082737Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.507{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082736Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.507{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082735Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.423{8057F119-089F-60EC-0B00-00000000DB01}6323996C:\Windows\system32\lsass.exe{8057F119-089C-60EC-0100-00000000DB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 13241300x800000000000000082734Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:14:05.391{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000082733Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:14:05.391{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00a1e64a) 13241300x800000000000000082732Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:14:05.391{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7770f-0x0697d546) 13241300x800000000000000082731Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:14:05.391{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d77717-0x685c3d46) 13241300x800000000000000082730Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:14:05.391{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7771f-0xca20a546) 13241300x800000000000000082729Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:14:05.391{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000082728Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:14:05.391{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00a1e64a) 13241300x800000000000000082727Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:14:05.391{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7770f-0x0697d546) 13241300x800000000000000082726Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:14:05.391{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d77717-0x685c3d46) 13241300x800000000000000082725Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-SetValue2021-07-12 12:14:05.391{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7771f-0xca20a546) 23542300x800000000000000082724Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.360{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF40CEB7BE0DA636DA4CF332D0993112,SHA256=CA4CC3AFCC7887B862925C487133E18C43E5133FAFEDEB0D833FB0ADC4159BA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033996Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:05.235{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FBAB3365E5F6AB9A72CE7AF8FD3D70E,SHA256=F4CE3A83D495683EE3F05E2AB2AEF9F259579E6CAE082E54667E8676E3C0B220,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082756Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:06.691{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=113F1B0B2E8E71B984DC7891C358E589,SHA256=ACDF8B1A8F650A913AF11EFAF9835705F5E0BF20B99566B4D30FFA8005986868,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082755Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.552{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63531-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local49666- 354300x800000000000000082754Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.552{8057F119-08A1-60EC-1400-00000000DB01}1076C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63531-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local49666- 354300x800000000000000082753Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.551{8057F119-08A1-60EC-0D00-00000000DB01}896C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63530-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local135epmap 354300x800000000000000082752Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.551{8057F119-08A1-60EC-1400-00000000DB01}1076C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63530-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local135epmap 354300x800000000000000082751Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.468{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-89.attackrange.local63529-false10.0.1.14win-dc-89.attackrange.local389ldap 354300x800000000000000082750Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.468{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63529-false10.0.1.14win-dc-89.attackrange.local389ldap 23542300x800000000000000033997Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:06.251{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=269FB78BE245210AFA9E104C2AE74651,SHA256=8478ADBF2133466BBA85845DC5A750E06EE50DB694625FCE99F50D7FEC5AD4E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082749Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:06.329{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=46C35100F4F3A190CACD09B237304625,SHA256=7BB331CAA1F0FE6E481A2E1B9C0327072AC2DA9DF6888D95DF748A6F80050BC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082748Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:06.329{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4F908D601B6BA08DC474A559EEA71A65,SHA256=E867D8F99D99E05C8B9B80287256BFB10D30930819981E03B0CFA907A6AC60C8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082747Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.451{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63528-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000082746Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.451{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63528-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local389ldap 354300x800000000000000082745Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:04.364{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63527-false10.0.1.12-8000- 10341000x800000000000000082744Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:06.291{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082760Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:07.582{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74BD3CCD4E3C4917CE53C5ED7D297C38,SHA256=14549FED4378AC284E88032686A39C7495FDD9996E75FEFEEE404320E75F6B0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033998Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:07.266{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5367AD9CA3B5FB923C9558106B5D386F,SHA256=FE4F04AE294458272FD0E41EB645537099EFB60D1D2ACA91018817F3E239212B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082759Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.560{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63532-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 354300x800000000000000082758Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:05.560{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63532-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 10341000x800000000000000082757Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:07.177{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082762Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:08.880{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082761Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:08.596{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=529C58F50DD0595E843B28E046B75E08,SHA256=2E679E4A97560DBA058A881752CB13E48734287625E7909740EBDCA29D69FE9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000033999Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:08.282{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11F0EE0E7B853DDAC3A82B11B180088A,SHA256=3EA1905A774346407E7BB645CBF0F3D9A9ABC6E5DF32DE7F8325BCACA7DBDF13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082767Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:09.632{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E57775C17053669E21B83DFB73B001D,SHA256=2515BF27656BE3E83D7D99429AADFCA47C129643F969CA4F19A0AACCA8E889CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034000Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:09.297{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3675574346981B1DD9BE99D5B39023B,SHA256=67A615D8032B9F0732C9D835DDF6C2DD55D65E5A11592BCA5294D14103B4725D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082766Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:09.528{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082765Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:09.149{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082764Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:09.096{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082763Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:08.996{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082768Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:10.667{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E157A3A8502DB800BB54475C62F1638,SHA256=F756776FE996581801D3E233062CAB2C093FFFE62EB6C14DAD0B64C63644885B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034002Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:10.298{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B7E1296664B2D3445A4C8F7A917C775,SHA256=6F802154983EAA1E67F396ADE4B34C1DE74CB619AFEE28D5C8164FCD7725636E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034001Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:07.597{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51696-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000082769Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:11.684{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=306DEA12592A884DE8A949FACCE84C76,SHA256=24C2E522700E94FD4FB709474BA2CFE1D31A7070116A7EC78912D9AEB50CA042,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034003Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:11.313{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF8DFA5B90508CFA3FB3751B8BE51D51,SHA256=43E4439D4E810A2F8A88608821F63604DF4CA1637E6296151822A8E143B1C065,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082773Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:12.684{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86E22AC51238FD5715CAB5906AF9EE23,SHA256=130ADB5F3ACA4EEE464B289CD2ACDBD511E162EAD16DB683EC35B6A1A14AB6FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034004Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:12.315{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB1FE72B0DA735751CD48A1AC9EF73F1,SHA256=B0BDEEB517C7F07FF52966085054B8261E93E2AAB5FB3027A8DF56E198239B67,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082772Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:10.254{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63533-false10.0.1.12-8000- 10341000x800000000000000082771Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:12.283{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082770Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:12.283{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082774Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:13.699{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=654E388F19D9EF223088A89DD5EED491,SHA256=598C47ED391B0133E92013AABB95E1F2A594024428696C5FFC9FCCE844C7AEEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034005Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:13.323{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8691F21109342286F2D4F8EECA569A99,SHA256=096EC98A9E9B4F878440FC4C308EF2CCA91B595D48303A13E518246D1BDB9B5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082775Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:14.752{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F09D8943C909A3616EE7BC8819479BE0,SHA256=D9DB13FF53D081B3661FA155DCD91F9F458FEF12088847A1FB4A3551D2E3C534,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034006Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:14.333{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14CF37AF06092C1FCC3B04CE73A1303B,SHA256=0DE82D21074A2590F3A0A757CD9A4FCEFA8B8FBDB8D44017729A1EF89E45A636,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034007Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:15.348{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9174E358B8F1BE06107B04B6DA54084,SHA256=BDB67A5FE44E318DB85CE01FD2155E16FF04E938A30C942F38A8687002355311,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082787Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:15.782{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1972AA21D4B1889209C29B24AD7139F,SHA256=C890693CAA6AEF713C07B5148ED7E4CBC4D76114F8D2176928EE6E9647502D72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082786Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:15.698{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=2516C2AD9CC0BDB4762A71DFCF937CD5,SHA256=58308E8250A0E9619DC7136709FEB977BC06D9A953742AA2C723885909E2A9BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082785Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:15.698{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=05BEE01D607ADEA9BE3857763BEC45B7,SHA256=32E6D36CB5B5A3A59A2D60D5B250E58E9C4BE1FCC192DB7E40BA6885413F28DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082784Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:15.698{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=4EEAE861C2016680184362927FF2BB6F,SHA256=5AEF209BF98549AF8A0C20704A5E82CCA76B6439ECB5CC3CF431A08D50B52751,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082783Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:15.698{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=58B44BA808853B5FEFDAE5B3179492B7,SHA256=A571C296D2441D66DB0968BBC1111B5082C862F909F82E1A30D6FF373BB7386F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082782Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:15.698{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5135FD734BEFE9FB642ACC9F5AF05F19,SHA256=67B1D211D06401BB5F49628813A9BF648F6698209F3D1A7626BCEB0B26B81FB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082781Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:15.698{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=23868333B8F6FBB6C69DEC8E263D302B,SHA256=89CA401B18D00224BB5D9D0ADE85853A2567ED07AD25AD746D10EBE785BB7414,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082780Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:15.698{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7312319DE5EB6A2A148E8780C240652D,SHA256=84DFD8979F9BD23C60F307B4292326F73D65DD3E71DE9B2CFBC1CB76894CC14A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082779Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:15.698{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=DB3FFDFB40D1BADACD659CDAED6B67A1,SHA256=5FA38B101855F33EACBD741926216D18BC0C9FA85C26DE77FC180F97C1F52914,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082778Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:15.698{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=1CF63D0BDF025F6DD5383A01D9218386,SHA256=9CC3C699B455D718F42B2B6BE9B3B6DABCAF94D610680D1C55695F59748E71BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082777Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:15.698{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=745A3C96B78EBC1C580D35ADB7209756,SHA256=5A5D41C115E20695449DC9DD983D07790A528949CEAFC5E145419692BB67ADD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082776Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:15.698{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=68EEA37AF2240FF5CAA9183D95C820C5,SHA256=92CAA696F05CECB643B0338D1D089100C549F9444E1C68873F4AE0B50C7F6917,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082788Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:16.783{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC953F8D9FD78E3CCE884644C8A086FF,SHA256=7626D8A45374214E9E709BE606A4C3084BB4BFCB156228E392A5B47A1F097EB9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034009Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:13.585{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51697-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034008Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:16.379{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F8F2ECC72EA9773044D5B7D32319DF9,SHA256=1D5C5D4B4B7FA872BCA7F7741AE6A65EC1054BFE1FB0B68AAA3C210EEE56D316,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082791Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:17.798{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B1C32DA65BB5B5332716870A23CE6D9,SHA256=1D9AA1DEF22C929C35C235637E5EBCA060B969D4C402FA09D8752726739708D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034010Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:17.520{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A79AC356A9D63E6EEBAC17B91FA690E,SHA256=D5D6AD4CF3D66792DB80EFE0228DCF3AFFE393E1B6441F969E6F76D243417061,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082790Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:17.134{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C98DD799C2D8B1EB5FB5C1846E1DB9A,SHA256=09C59F1CD6BB13178D08A6F12B890301EA870C087975627197CF18528A0296C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082789Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:17.133{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=46C35100F4F3A190CACD09B237304625,SHA256=7BB331CAA1F0FE6E481A2E1B9C0327072AC2DA9DF6888D95DF748A6F80050BC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082793Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:18.813{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A06DF1980FE448CDE46DA25CD43E8166,SHA256=A52E3CA06641C6E1370D35A20878E7814F56EDB07DE31418B84B4EE646B522D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034011Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:18.536{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDECE6FA9417BDA5B3E4825A76CC5E58,SHA256=3B08A1623E7A4264B2537D7EB78F9645A66978CB5FD9492CE5DA461A90099C24,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082792Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:16.270{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63534-false10.0.1.12-8000- 23542300x800000000000000082794Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:19.831{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E19716CD0DED55A8F1CB893B0FCAFE17,SHA256=A7D2103768ACC2C35ACD020BEB8335846962EAD6EFA95724F61F7828A5F3945F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034012Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:19.551{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94EFDA2EC121815B4F0DEE67E0CF3249,SHA256=10F71235FF6D925E18DE7016A671043A1DFDEDE162012CB77CAC592075C3C8AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082795Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:20.850{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF2EEF8162C988FCBCCA924377B4323D,SHA256=9D962B083B5870D25A7876A0EE41DB5A8ACF6EA88284DD2DFB3976EE5B59643B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034013Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:20.583{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C219222EDAF7B4919EB6ADD71BF4EA7,SHA256=9C6FDD663BFCEBC97A175844322861A00825F421686DB7E98556F78DADD3BBDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082796Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:21.865{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C0B2BE12C003E1723DA94227162844C,SHA256=502417481A3278F2E338B6308ED2EF4046EEF199A6A6CD803CF8399B77C18DCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034015Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:21.598{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DBA0DFC9DE92484619C7DBE21585D1C8,SHA256=4E894B7F22A6DCA1C05A1030062792D63AC59F87FC3791EAAEA135D72BD4FFC7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034014Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:19.601{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51698-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034016Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:22.614{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FCA3D607AA76682739D5BCAC004A5C9,SHA256=A27AF1CA524523050E6EAC6C33159E38A4C9463CB047671E42C9046D639411CE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082798Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:22.933{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082797Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:22.880{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FEC2EC1F72623A12A00DB1552BC113C,SHA256=D1867DEE4D8A333196B12DE3A580333E3639688ECF135464B3479CD4F525F971,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034032Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.848{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27F5EFDA87CA531F20DC23DBA1225CA0,SHA256=ADD3DE96E9148527E5A25E040467280827DDD46FDC0574DC1BD56BDE8F694420,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082804Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:23.884{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=192CC22E230EC3E96363CB95C2D9C7ED,SHA256=4CF059BDD8376E5A88897E6477728075C23DE920C8FE8788893F58B098D50D5F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034031Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.536{50946567-321F-60EC-7505-00000000DC01}34483776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000034030Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.489{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=92A064C0D539C8AD3B572A8947562950,SHA256=7C9E2073AFE491BEE9A3775DF38CC171B04CEF2B07D45568BC6EB280D9D413CB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034029Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-321F-60EC-7505-00000000DC01}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034028Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034027Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034026Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034025Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034024Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034023Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034022Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034021Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-321F-60EC-7505-00000000DC01}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034020Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034019Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034018Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-321F-60EC-7505-00000000DC01}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034017Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:23.333{50946567-321F-60EC-7505-00000000DC01}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000082803Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:23.599{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000082802Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:21.371{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63535-false10.0.1.12-8000- 10341000x800000000000000082801Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:23.251{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082800Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:23.079{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=DED4F87B84B7E9BF94BEFB2FC1DFA191,SHA256=6F487D8A2F0FDEECEA3DA3E95B1174B45C433791B9993F7D848FC3EA8738938C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082799Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:23.011{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082805Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:24.899{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87D07EB1C881C5E4161B8B0AD09CD170,SHA256=EF295917D12AACD42169316105C73FB4820AE01076C540F9A91849CDCEE42650,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034060Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.676{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3220-60EC-7705-00000000DC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034059Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.676{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034058Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.676{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034057Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.676{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034056Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.676{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034055Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.676{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034054Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.676{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034053Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.676{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034052Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.676{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034051Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.676{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034050Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.676{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-3220-60EC-7705-00000000DC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034049Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.676{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3220-60EC-7705-00000000DC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034048Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.677{50946567-3220-60EC-7705-00000000DC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000034047Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.348{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=060011826251D415B8A88748F5F8442C,SHA256=C28262FDFCE647D97CDE133BABAAA1EA14DA5FC2BBE354A193BDBBFDCAF1F186,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034046Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.348{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6AB0863C0CD1E6388A4CE479D06F15AC,SHA256=F21A104D42C9FC7ADA8C1D4F52E2286AEDF42698E91A6083F3B97F66E351E193,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034045Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.004{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3220-60EC-7605-00000000DC01}1344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034044Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.004{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034043Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.004{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034042Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.004{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034041Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.004{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034040Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.004{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034039Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.004{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034038Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.004{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034037Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.004{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034036Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.004{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034035Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.004{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-3220-60EC-7605-00000000DC01}1344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034034Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.004{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3220-60EC-7605-00000000DC01}1344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034033Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:24.005{50946567-3220-60EC-7605-00000000DC01}1344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000082809Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:25.952{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082808Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:25.914{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C14EE0CF8115B5AAC61DB2D286ACF27,SHA256=D50DE2CA5BFFA717101AD5DD996B074ED8602EAE982FA7B89C43AF788F529C41,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034090Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.879{50946567-3221-60EC-7905-00000000DC01}22122120C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000034089Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=060011826251D415B8A88748F5F8442C,SHA256=C28262FDFCE647D97CDE133BABAAA1EA14DA5FC2BBE354A193BDBBFDCAF1F186,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034088Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3221-60EC-7905-00000000DC01}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034087Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-3221-60EC-7905-00000000DC01}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034086Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034085Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034084Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034083Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034082Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034081Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034080Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034079Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034078Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034077Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.692{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3221-60EC-7905-00000000DC01}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034076Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.693{50946567-3221-60EC-7905-00000000DC01}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000034075Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.504{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA8DB2AFE2C7127627781FEB33851C8F,SHA256=98FE1570CE5C07C8164A5043E4FF6D6AB9DACFE8BF6C9BB0C6B3D36FB0D6FFE9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034074Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.192{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3221-60EC-7805-00000000DC01}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034073Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.192{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034072Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.192{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034071Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.192{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034070Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.192{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034069Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.192{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034068Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.192{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034067Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.192{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034066Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.192{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034065Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.192{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034064Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.192{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-3221-60EC-7805-00000000DC01}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034063Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.192{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3221-60EC-7805-00000000DC01}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034062Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.194{50946567-3221-60EC-7805-00000000DC01}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000082807Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:25.698{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082806Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:25.315{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034061Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.021{50946567-3220-60EC-7705-00000000DC01}1068356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000034092Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:26.879{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C6B7DDF5BD65D19BA3FD35893ED13A4,SHA256=D598AD162B50A38002A3973A215CAA0C7AC86A22BAF14C30F3830DBF3A4F6113,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034091Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:26.879{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=501347FA9CDBA637276BAF1B0490033B,SHA256=4FF44614BBED7990248F45A73589530DF2199C19DCB07DC552D52467722BA213,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:26.916{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E7AED4DBCC246AB3F3F0A69E0966580,SHA256=94CEE7D8E814D660C9CBF93BD34E13547A58B91B3545FF51ED6DA41F8669BEF2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082812Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:26.634{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000082811Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:25.439{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63536-false10.0.1.12-8089- 10341000x800000000000000082810Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:26.269{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000034093Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:27.895{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EC3BB3F8E7E3BD94984D20081B5B5D8,SHA256=9DD5E0D7D7E0F5D41571DEA08091308D415407609AB39FBD9176FE06BCC1A242,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:27.935{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4328521AD27EC7EB49E67A7A19559123,SHA256=10B7B1D5EC31E4D889EF501001E48EDDE99F06F8CEAE7BF0C9913E461EBF3C34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:28.953{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B7518727D4EF6FF3D734F4E7D1FF2E0,SHA256=27360D3112CACAD34723092FBDDD5DF6951C97DCEF5A535AB0EA3CAA1E0FB2E5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034121Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.958{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3224-60EC-7B05-00000000DC01}2916C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034120Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034119Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034118Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034117Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034116Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034115Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034114Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034113Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034112Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.958{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034111Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.958{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-3224-60EC-7B05-00000000DC01}2916C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034110Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.958{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3224-60EC-7B05-00000000DC01}2916C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034109Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.959{50946567-3224-60EC-7B05-00000000DC01}2916C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000034108Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:25.523{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51699-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000034107Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.489{50946567-3224-60EC-7A05-00000000DC01}29921580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034106Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3224-60EC-7A05-00000000DC01}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034105Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034104Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034103Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034102Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034101Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034100Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034099Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034098Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034097Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034096Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-3224-60EC-7A05-00000000DC01}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034095Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3224-60EC-7A05-00000000DC01}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034094Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:28.286{50946567-3224-60EC-7A05-00000000DC01}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000082815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:27.257{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63537-false10.0.1.12-8000- 23542300x800000000000000082818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:29.969{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E16EB4595E4E36365C879077C5AE714D,SHA256=40B2C358D842C6A593D175CE749B2E62088139B0D335D5037BD66AF0EB693D87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034123Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:29.520{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=55487D39D75DBFA0D6BEEED89363A8FD,SHA256=B4CABE82B0E201B6A807E0302441C648A12A68E2F3EF697ACC0CC76CEA6FF908,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034122Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:29.147{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99409EDFED3EB5E8CE5383CC969B93FB,SHA256=A9D6FB64A6EBA522FA42C94EE02C3D6EAFA92980397017F4F6F068EEBF20E328,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:29.485{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.983{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CD5BE45BE33522501B39633AA6B5960,SHA256=9B08B757B31400D14C3E3DD67B11A8A00CB58405727A780CA91ADC12B398380C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034124Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:30.379{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB0C52F91E73C273F35D5D0739A93072,SHA256=861EFA7F4A00EA25BF73E79825BBFE3DA1E0C074C3A9DEFB9F697484398EFB0A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.815{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.500{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.500{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.468{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.468{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.453{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.453{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.453{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.453{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.437{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.437{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.437{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.437{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000082825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.215{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.184{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.184{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.184{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.132{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.115{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:30.115{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000034125Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:31.411{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10795FBDACF925979AFD4F8557610B45,SHA256=B56CF994C7902A94A95932BB442B956BD4FBCF8B7A70A49DF36C44CBCE09593A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:31.867{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:31.551{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:31.468{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:31.468{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:31.468{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:31.468{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:31.452{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:31.452{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:31.452{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:31.452{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2BB4-60EC-4409-00000000DB01}7908C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000034126Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:32.426{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB5A682DECA400B176A9EE92D8777ED2,SHA256=B6F2C5F2742CC22D31EA600C1A1DF1C0224A7CB7C885069E61BEBF2BD17E8ADC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:31.998{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4ED63381D3C932F0A3B87D0E4D8AF6C,SHA256=27A6855B1B6E1E26D9C10EFA255C0B4B713420171DFACBC199824D066EB31B15,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034128Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:31.554{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51700-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034127Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:33.614{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7DBE9F24FBA3CD4387BFA392C3B0333,SHA256=C84921758D62EFA6F5034380F10BBCEA8F3B1A16E8CDB5805067B5ED4DEBF979,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:33.467{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2BB4-60EC-4409-00000000DB01}7908C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:33.467{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:33.013{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0B003E4462248944EDFA7A55A6CBF96,SHA256=90F83291E7C45DFB1FF3BE54F3119B5904CEB0C5D8A09FA7294E6B35A8BAE7B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034129Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:34.622{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F7DBC5C3F8477D3B825744BE60E87B1,SHA256=9296B1A9FCE3A46610A65CE974EE86E494FF37CE520463FE20C1BF240FC89135,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:33.192{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63538-false10.0.1.12-8000- 23542300x800000000000000082854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:34.014{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B2554BDC254A800D6C1584AC7BA0A2F,SHA256=AABE0720FD0E49F8C3A908124E92D50763BCB591AEAA79750E0540EAC734C6FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034130Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:35.637{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6204FEEA0BD0E24949FB21257E4F0D0E,SHA256=C126F95B6E01F9C502460FBAAB2561CDD5ED7251A13E6124166E25B9E169EC65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:35.032{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EDF6397260C3E14EA1481E4FB0DD428,SHA256=4FF4B4A6DFA23AEA6AC7E3A9BE247FA5025F24AAA8DCD5DB7476ACB6435AE2DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034131Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:36.638{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A10A3B682A01D672E5BA353C3A267BFC,SHA256=859DD364F3E644AD4684BB78EA7B177A0183A7D32089E25B48DD55D7ED76F1BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:36.050{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AC0120B6DAE741A9AEEF31A91CF34BF,SHA256=F772374244F76FD2ECDC68BDFD0FD2190FF0DC313B37B6467397FD45C6B353B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034132Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:37.887{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A2FDCF9EB65B817C7A11AF98969F151,SHA256=8A3E55DDED9566BF247CAC343CF756C78CD4A337D2D6FAEB460D0D8D4250300D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:37.064{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B81262CF49AD072585146B39297DB36,SHA256=28DA77059FD0D493926A9CCA709AB0A0DB0D01859CBD845046F12202244B3C19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034133Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:38.919{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61AD205974433235CA7A9209B425303B,SHA256=F4910BF45A0A261998EAA0492E1B5EC68B4F2F1351A2FE395BD1EBA50657B342,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:38.079{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C5BF29B1C6B495D4FAA34F02EDE7B10,SHA256=0B24983B627380AE131C8920DC2D346B1B2D1D934F0697C97F4BDC2796B42C28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034134Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:39.934{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1649DC7823C5EDF18C2D5F8798B6609B,SHA256=B11C49082F1B908E8A9BD091AA69387B963C23ED2D9A78A3F91E76210E844607,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:38.367{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63539-false10.0.1.12-8000- 23542300x800000000000000082871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:39.650{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E96509DFDFDD1CDD713F1B3D71C7D795,SHA256=2DBC74FC167EF0B0A096B7CA0F687917CB031F58A5937A96B5E4CB85B1C829C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:39.650{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=9D25F610E461FFF1B86E0807997B2848,SHA256=C7283D6D6C27B9831FD0E671BCBA3959CCFBEE57F2E33EE0C0255CF61ABA45E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:39.650{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=939C53D1B7F075B80950D188F20DC920,SHA256=8BFBED3068D7D0ACDEB3FF1EE9F2E34D566BD5EC3DBAFD4B847862EEAEF37FFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:39.650{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=D3DB9F1CF8FB02F12000A93D880DA568,SHA256=0A2F0DD1DF0299C910D58CD57620AC1390A80E0B2D9D008ECDE80F6C89B8FC5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:39.650{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B9FFA3BE3E951F08772E33D808A8B26F,SHA256=AF856F44D48C0EB95EEB26F89877C65602665BC4B1BF385115283ED12649C437,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:39.650{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=19DC6DD57D558B468D096254B8CD6F6B,SHA256=FC9DA900CFA5EBB525946B15D05E2980A22E5A8F77AEBBD8DAC64007F8A394D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:39.650{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=DA1F699CC178817DF54551A2772249F8,SHA256=9A5AE45BADBD2F8E9BE58773309EEAFDF05F7C820DD844799E1727B3BBF4CA4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:39.650{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=320FFCCFB21CDFE5856087A6E4C71E2E,SHA256=04152DD3237F072A4A651355A5E6406ADD50A1305A146F4308DCADA1126E2035,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:39.650{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=ED3FF8BB652A4E0572DC1FA61D8B73E5,SHA256=C06DD7EA591BCCAF0E0A463E23823F61EF4AA14C51B81C2975EE3B927B0D5103,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:39.650{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=0B580BE92CE306CAF32E71671EE3154A,SHA256=459D20ADF04CC8C562DFD1E34DC047C9E549E10C9EE10B94C39162B7F1A02095,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:39.650{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=1213925CC41A3C35EB03E89FE37B43E6,SHA256=2DB6A477BA01F3206EE11EE886EAFE1FAD482BFCEC4B3AE2A8EE1D65C787A708,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:39.082{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FAE85E4DF3EFC286A2706C91DCA858B,SHA256=BBB5FCFA2D69EA9B822D6313EB4F3AC7E50F1F3ACD5F1AD6A5C19D800BAAE2FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034136Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:40.950{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD9C84D0B814324590BB44A035842BE7,SHA256=99B62597F5DFA639C14FA5338270994DF99E6A5E4A6980D28539164DCE660942,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:40.112{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AF337971136DAA3B6A60364A6392B16,SHA256=FEB23AEE1515F94543104A22762876D0CBD2ECBB28DAAC4841B31DB4D33632B9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034135Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:37.562{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51701-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034137Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:41.966{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED8F59A8BF69D53A9C5905F81202C531,SHA256=E9D6256B18F14AB01393E243170A7144CE500DEEB21DBE605C844DFFFCAC1CE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:41.113{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67A219EC88F9072593895A70BA3B34AB,SHA256=C5BF16BF3721D5E17C9D75D7B8EC03C13B8905938A979225A9CCE3A5DDC0F98B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:42.131{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06034644B2295C3792CC117B7143155B,SHA256=A915546E3911E21764B1E2D86F4E47DE0CF2A154CFDEE3E5730E0BBE49B7CCB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034138Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:42.997{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB71B0022946CF02066595EC411D98D4,SHA256=69535D934CB33B30B8434D217FACBA66869DF173BBC24226BED77D73F335CBC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:43.150{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=049DD44206042682A4D07DD4EB599C95,SHA256=637FBCAAD73A5D279E409CF2245EAAE307085C83A9D16C095F93022ADCB46DBC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:43.369{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63540-false10.0.1.12-8000- 23542300x800000000000000082877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:44.181{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A6CECB9EAE336AF527F68C3ACE9D5B6,SHA256=7DEE4D6A005F2668D1398E0578C8B67417A2320DC84A037716D22436F74A085C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034139Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:44.231{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A253D70649C2416506656A4762A8AFE,SHA256=D8CB68F9C720911AA65BA3686660EFEA257F92FE971E3B1BC5ADA9383BE593C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:45.182{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1F9313735588877A2B367C33729F4D8,SHA256=145D1A11DDE0DC768ED7197DFCA6055836BF23AE9E087F3A1AA04FD3A1DDE8D4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034141Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:43.437{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51702-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034140Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:45.278{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E4CFF9F395A99C2F8FF0D0697C6647B,SHA256=CD20154983303064C279E0F4E8F87042A110292DA0881DBB51C5ECEA84931193,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:45.050{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=D037E4BC14D6A42B044E1A84A9F48244,SHA256=4D14B49BF014565C13FBC87B139C142FBF399C899E79A58D7F48D6CAD411EA13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:45.050{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=4FC3D3C371EE9D05537B8677FD05E874,SHA256=663377DA4E4ECAD3F575E7005E7998A856C03EFF70F25EE349CF7748D5E291AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:45.050{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=A60B88C9F202565FA5E66F229F913340,SHA256=C9CABA960936036E7CAB8334BFC62D57EB3B80C4B963512D16F47D146D8727C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:45.050{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=EE1800E33E2DBEF993083DAFB2C584E5,SHA256=6FF748B40E28DD7FE62FAFE549DD16C500BBEC805067A78943972FE46BBF3EC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:45.050{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=FBE1F4362AE4A8C192CF4D56F3C14ABC,SHA256=C73E3A655E30DD4E221A28D35F494E1BE39A998425DE49314EBFE63AF2BA140D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:45.050{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=28EB32CC38F8B106121DF499D93AEC9D,SHA256=AEA5B2262DF3E80F496AEDD8AB92E07767B1F05BFB60956FFBB592A0CB62B635,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:45.050{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=BB6CC8CFCAF9959C110780135F8B1E77,SHA256=308BBB41FF1DBE4ACD0D994C1D25AA1CED1B56930DA6453BC89E5FD78CCF16BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:45.050{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=9BA5C01A86B2BB4FEDA735CE0F103DA1,SHA256=98CF847959AB6CDE67F73EE6950AA373F15E5881B174FBB3278CEC024601A454,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:45.050{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=730260A256233D74FF0C329D78978681,SHA256=172820194B2CD81508AD341A217B0EF3D341EC49BB6BF09BF612BB6DF9E430CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:45.050{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7725EA750DD7163C930BF12F4FAFF09B,SHA256=04024EF793707DDBDC49F219474173E13809E6728927C4E0D498A1DDEC316E59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:45.050{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=050BBBAEE6F316A1D11EACCFA8844468,SHA256=419A570EAD8836E860C5224CE354931766C094F26427A034069960608ED53924,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034142Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:46.294{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E931959DF5016AF488A4C09871BECA7,SHA256=74175A017C23E7ADE309E494BAE85A8BE4F131148B7770D83ECC037BA5CC04E9,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.813{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000082996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.813{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000082995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.813{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000082994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.550{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000082993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.550{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000082992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.550{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 23542300x800000000000000082991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.550{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14A518501FA8C12C602E109648DC21AD,SHA256=01911FF115FBAB7F7F37B42F65309AE8F354765D1825912BC2A3AB15307E4FC0,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.550{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000082989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.550{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000082988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.550{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000082987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.550{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000082986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.550{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000082985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000082984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000082983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000082982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000082981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000082980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000082979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000082978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000082977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000082976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000082975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000082974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000082973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000082972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000082971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000082970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000082969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000082968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000082967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000082966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000082964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000082963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000082962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000082961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000082960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000082959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000082958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000082957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000082956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000082955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000082954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000082953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000082951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000082950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.534{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000082948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.532{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.532{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.532{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.531{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.531{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.531{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.529{8057F119-3236-60EC-710A-00000000DB01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000082941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.296{8057F119-3236-60EC-700A-00000000DB01}64847232C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.296{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000082939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.296{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000082938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.051{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000082937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.051{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000082936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.051{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000082935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.051{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000082934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.051{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000082933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.051{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000082932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.051{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000082931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.051{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000082930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.051{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000082929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000082928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000082927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000082926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000082925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000082924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000082923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000082922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000082921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000082920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000082919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000082918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000082917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000082916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000082915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000082914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000082913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000082912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000082911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000082910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000082909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000082908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000082907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000082906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000082905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000082904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000082902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.034{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000082900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.033{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000082899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.033{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000082898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.033{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000082897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.032{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.032{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.032{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.032{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.032{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.031{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:46.029{8057F119-3236-60EC-700A-00000000DB01}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000034143Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:47.528{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5A193662DF9E38158DEC5C5E96D4F54,SHA256=EC0661CCDA19216CCD8C9F49FCF57D531191490BC401C84135FF9BCEB234B8DA,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.399{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000083051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.399{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000083050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.399{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000083049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.367{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF496648A9529DB10C198096E652AC84,SHA256=9DEF00C70DD43907BE7D5A4FFEBAB7B3F2E8FE010D16AE11C922635CDB45972E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.167{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BE0C07A4D6DD7A13BCB76AA57772ADE,SHA256=6E483795EFA2143334F89EA4EAD0EF7FF63BAE9E2C16C4518ECDD353B2B3F7CB,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.152{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000083046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.152{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000083045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.152{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000083044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.152{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000083043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000083042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000083041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000083040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000083039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000083038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000083037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000083036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000083035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000083034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000083033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000083032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000083030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000083029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000083028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000083027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000083026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000083025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000083024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000083023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000083022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000083021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000083019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000083018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000083016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000083015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000083014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000083013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000083012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000083011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.136{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.135{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.135{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.135{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000083007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.135{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.134{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.134{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000083004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.134{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.134{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.134{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.133{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000083000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.131{8057F119-3237-60EC-720A-00000000DB01}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.052{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B34D88111C7837EFA762F5957F027AE,SHA256=51F1E21C9C79930C17A805DA02BBFCE6267273039DF5A854B6BB169996468DA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:47.052{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C98DD799C2D8B1EB5FB5C1846E1DB9A,SHA256=09C59F1CD6BB13178D08A6F12B890301EA870C087975627197CF18528A0296C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034144Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:48.559{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D18E918D31420DEAD168A3578B9B23F5,SHA256=537AFE1FCBA2E14515603EB3A7970FDAA3EC38794D125F83BAA17669056ED237,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:48.698{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0,IMPHASH=60006258D4DE87B31BEDA805A8CC8040trueMicrosoft WindowsValid 734700x800000000000000083056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:48.666{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\mydocs.dll10.0.14393.4169 (rs1_release.210107-1130)My Documents Folder UIMicrosoft® Windows® Operating SystemMicrosoft Corporationmydocs.dllMD5=999FD44CF5713852E6083A43A7917761,SHA256=D5C75951C29B7F0AAA4EC9E9AB3195933E650C1F171092F389FD4DB66CA1CA20,IMPHASH=D1267CC8F49B54A66A0034D2C4452E93trueMicrosoft WindowsValid 734700x800000000000000083055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:48.651{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\System32\sendmail.dll10.0.14393.4169 (rs1_release.210107-1130)Send MailMicrosoft® Windows® Operating SystemMicrosoft CorporationSENDMAIL.DLLMD5=04626525E567811FC7ECB3E31D94F8B0,SHA256=678A3A9DD713DC61F72112BD3160B8753F1A50D1179FDFABD265C32103980A6A,IMPHASH=52DBB027F849F4DB11CB3C2B56C0E9FBtrueMicrosoft WindowsValid 23542300x800000000000000083054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:48.382{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF219DEA14298CDB1627E5A8C50D71BF,SHA256=20DC6D32BFE16321FEC4663286E2D4F97C4CE7E90AC5FC46046CF76741BEC4F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:48.151{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B34D88111C7837EFA762F5957F027AE,SHA256=51F1E21C9C79930C17A805DA02BBFCE6267273039DF5A854B6BB169996468DA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034145Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:49.622{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0DA10DE813281D817C065580A46107C,SHA256=F31E666C312EC89549D9593A0DF4013BD7A6F087F4EE77074248C6DB3BF04743,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.950{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000083163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.950{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000083162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.950{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000083161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.950{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000083160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.950{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000083159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.950{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000083158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.950{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000083157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.950{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000083156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000083155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000083154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000083153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000083152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000083151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000083150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000083148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000083147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000083146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000083145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000083144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000083143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000083142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000083141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000083140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000083139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000083138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000083136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000083135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000083133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000083132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000083131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000083130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000083129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000083128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.935{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.934{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.934{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.933{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.933{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000083123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.932{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.932{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.932{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.932{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.932{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.931{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000083117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.930{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000083116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:48.373{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63541-false10.0.1.12-8000- 23542300x800000000000000083115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.730{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AED0CB37E03D60D3E38167FD57516CA,SHA256=5DDE6A70917D0192246F7893E5A08E37F60BBD34BB8276321496AA1FE3BF1688,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000083114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.613{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1549f7|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000083113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.613{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+154962|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000083112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.613{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f 10341000x800000000000000083111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.613{8057F119-21D0-60EC-6307-00000000DB01}71726772C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+154947|C:\Windows\System32\windows.storage.dll+154323|C:\Windows\System32\windows.storage.dll+1541a9|C:\Windows\System32\windows.storage.dll+27be5|C:\Windows\System32\windows.storage.dll+27b2d|C:\Windows\System32\windows.storage.dll+26076|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 23542300x800000000000000083110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.613{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RFa29304.TMPMD5=D02E65C42AD32F3ABC147AE7AB968251,SHA256=E8818DF00616D25228108A1EFC74316126A1FE625A120883CCA21C9468504286,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.550{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\aborted-session-pingMD5=0C9CE0FFFE4C0C41D204A3BE77D74345,SHA256=500FFBA6341B48A3351B1C7BF06E98D0582048ABED91C9BFBB09C34F89DD96B1,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.497{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000083107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.497{8057F119-3239-60EC-730A-00000000DB01}38606764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.497{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000083105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.497{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000083104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.297{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000083103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.297{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000083102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.281{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000083101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.281{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000083100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.281{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000083099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.281{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000083098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.281{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000083097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.281{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000083096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000083095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000083094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000083093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000083092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000083091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000083090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000083089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000083088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000083087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000083086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000083084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000083083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000083082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000083081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000083079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000083078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000083077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000083075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000083074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000083073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000083072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000083071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000083070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000083069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000083064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.266{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000083058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.267{8057F119-3239-60EC-730A-00000000DB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000083395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.665{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000083394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.665{8057F119-323A-60EC-760A-00000000DB01}8996616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.665{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000083392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.665{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000083391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.650{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\ninput.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft Pen and Touch Input ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationNINPUT.DLLMD5=BF084D22F7064E686F9BBAC541C680B5,SHA256=ED2E99746A98BAB14B5B565E5D3F092143AA2D8BD0CBD08FE047B64AEF5EF440,IMPHASH=ADED91AA394AD8A3D54B5A54F35771D4trueMicrosoft WindowsValid 734700x800000000000000083390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.650{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\globinputhost.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows Globalization Extension API for InputMicrosoft® Windows® Operating SystemMicrosoft Corporationglobinputhost.dllMD5=B92070EB12AF4C292155EBB155A0B6C3,SHA256=F155CFD56DC7199F16377259C55C0E8A26662A81588264F01D0E1F1387721DDC,IMPHASH=AB0E9B104017117F7BE18F3C6AAC279AtrueMicrosoft WindowsValid 734700x800000000000000083389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.650{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\msftedit.dll10.0.14393.4169 (rs1_release.210107-1130)Rich Text Edit Control, v8.5Microsoft® Windows® Operating SystemMicrosoft CorporationMsftEdit.DLLMD5=0278F6675C79A2013494CDDDCFD6C7B3,SHA256=14F536EB288788586C90DE568BAB6C113D3F4CCD0EE732A17D438A23B225720A,IMPHASH=7C36F76BEB38B735155D539BEBF60532trueMicrosoft WindowsValid 23542300x800000000000000083388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.630{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB7191683923DCFAEC6A55AEE475AD18,SHA256=CD41B3F4B1E864B7BEDBC19842226F51F2A02A86678782AC3FCAFF91BE8DC750,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000083387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.597{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.597{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.597{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.597{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\wlidres.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft® Windows Live ID ResourceMicrosoft® Windows® Operating SystemMicrosoft CorporationWlidRes.dllMD5=924564C6374F361B38AF73212C520FC0,SHA256=91FEB10B955D69A7B758EFC53C7E51A1EDE9B875F823DC41B04356CA62133D77,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000083377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\WinSCard.dll10.0.14393.2273 (rs1_release_1.180427-1811)Microsoft Smart Card APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwinscard.dllMD5=85E2B5FCB057B0476687CCFE28E589A5,SHA256=4B99A7709FAC8E9CF95AA186651BE455C0998414E2D2D807DF1B000EB26FBD15,IMPHASH=8E9831D203C36A499228D7F02C6B90D8trueMicrosoft WindowsValid 10341000x800000000000000083375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\mfplat.dll10.0.14393.4169 (rs1_release.210107-1130)Media Foundation Platform DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfplat.dllMD5=6B3DD2386B60D0003B3A0A1AE706A9C5,SHA256=2DF94FA3C88D5D8AB5A981C0182263B5D8161CE0F96687D2DF7892EB4F25104C,IMPHASH=4B0B41F559164385A004BCC689586F63trueMicrosoft WindowsValid 734700x800000000000000083366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\RTWorkQ.dll10.0.14393.479 (rs1_release.161110-2025)Realtime WorkQueue DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationRTWorkQ.dllMD5=1EABA23A7305A232C9A16C14806ED091,SHA256=3AD1A84A56EE0DA68B40D40770787FEED3DCF4A74BE172F01BD837FD680396E6,IMPHASH=41E263D9EB0100A59E34B18CF8F6F725trueMicrosoft WindowsValid 10341000x800000000000000083365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\mfsensorgroup.dll10.0.14393.4169 (rs1_release.210107-1130)Media Foundation Sensor Group DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmfsensorgroup.dllMD5=7CB78A0BF4D6AEA6A4C367DFC7645CD0,SHA256=5504F29CAE19AF9A98D65508A350F518AEA1C66235029B1881CA765146E92D99,IMPHASH=86C22AEFE3E4067CC0F34A1D80C38807trueMicrosoft WindowsValid 734700x800000000000000083362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Media.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Media Runtime DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Media.dllMD5=D99A463FD833B801A943698AC8AF81EB,SHA256=224405AC2CEFCFBB5E2AE3D98E9A5895BB2C39C128759E2FBCC3E84335E4E6D9,IMPHASH=88691B5201F0FCC6E05D2593797A195AtrueMicrosoft WindowsValid 23542300x800000000000000034146Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:50.637{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=804ED2C4280FA758ED03C2AB16F24A39,SHA256=7B247593F80FEA2B60B622B3A0F892877F206CCC9BE22A6FC13B377F40F5CA31,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000083361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.581{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\DevDispItemProvider.dll10.0.14393.0 (rs1_release.160715-1616)DeviceItem inproc devquery subsystemMicrosoft® Windows® Operating SystemMicrosoft CorporationDevDispItemProvider.dllMD5=CCDEFAE1F31F9F9AED64686A143D3D0A,SHA256=CF96EB0C3422628398D218152A729221C0F5D09F287E083AE88ECD77DB2C11BC,IMPHASH=B96B407351B4F23871E4087C6E937148trueMicrosoft WindowsValid 10341000x800000000000000083354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+67500|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\shacct.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Shell Accounts ClassesMicrosoft® Windows® Operating SystemMicrosoft Corporationshacct.dllMD5=6C3405DC9DB5740B6B2AD3AF67031A2E,SHA256=223153AF2A71D3549CCE25D3EAA294DD44471EA8A0733E5AC1EFD7D99D03886E,IMPHASH=F9EDABA9B540C273AC125BA9D119C3AAtrueMicrosoft WindowsValid 734700x800000000000000083349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\samlib.dll10.0.14393.0 (rs1_release.160715-1616)SAM Library DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMLib.DLLMD5=4C413FEDB1B88DA18059890CE0BC95D1,SHA256=FAD279CE82D1616A533D6E5D3A20543B51FDBDDE4C764E09F6A01C8B0E44218A,IMPHASH=BF11630905AADA27934CD5411323FA5BtrueMicrosoft WindowsValid 734700x800000000000000083348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 10341000x800000000000000083347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\MSWB7.dll10.0.14393.2791 (rs1_release.190205-1511)MSWB7 DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSWB7.dllMD5=5C7C3EBF7A50560DE37B750F3BB0F2B2,SHA256=227474B4306F6FA4F4A7EC5DAE2E91104BA6A156E31BDAD4B82D2E5426A53729,IMPHASH=A39738A99E764D3F4E439E2498C99B04trueMicrosoft WindowsValid 10341000x800000000000000083344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\wlidcredprov.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft® Account Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationWlidCredProvider.dllMD5=BFDFA8D6CE74D72FC3CAC3E8B6D05FB7,SHA256=172538FF3768FA97A54D4B33B7E3253F568013DF9F8102E023DEFF4CA44B2BBC,IMPHASH=AC43D6C08681C0DFDC982DCBAA555A68trueMicrosoft WindowsValid 734700x800000000000000083341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\certCredProvider.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Cert Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationCertCredprovider.dllMD5=5C5920708E3A7386E3FB97F06A1CF6CD,SHA256=2CEBA7FEC4C2DA3384BE80CB70C5AF04F45727BDA3DEF9A79F478B071AB9FC0C,IMPHASH=A01F108876C25B588A60F1407EC75717trueMicrosoft WindowsValid 10341000x800000000000000083340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.566{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-21D0-60EC-6307-00000000DB01}7172C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\ngckeyenum.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft Passport Key Enumeration ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationngckeyenum.dllMD5=ACF9A79DE065065D9B9F3C060D8FD883,SHA256=72A663ED47F6354E1EF19D6E5D4BC1118B8BF699B9E112E89BBE8DC8B9D83187,IMPHASH=7408E186279579FBFF9DD5099C815B63trueMicrosoft WindowsValid 734700x800000000000000083338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\BioCredProv.dll10.0.14393.4169 (rs1_release.210107-1130)WinBio Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationBioCredProv.dllMD5=73F8BD8ED7C88C247AE1F8931FE84024,SHA256=50102694895A05D4554A54C775A033664DF7B9E51347F918E2A2FEF2F2B747C0,IMPHASH=01D3BF39F15617F2002037CAEC4CA502trueMicrosoft WindowsValid 734700x800000000000000083337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\StructuredQuery.dll7.0.14393.4169 (rs1_release.210107-1130)Structured QueryWindows® SearchMicrosoft CorporationStructuredQuery.dllMD5=330E02FA330C93B93B477AA2F88C8A3A,SHA256=958A6977B820D04D94C8FD85C23CC62D77F0498BB59A648744E8F43704FD7F26,IMPHASH=870079407DAAD548AC5B3F417EEBB243trueMicrosoft WindowsValid 734700x800000000000000083336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843,IMPHASH=EAA4328F5E33714FA08C71E4AAE43CC1trueMicrosoft WindowsValid 10341000x800000000000000083335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4,IMPHASH=B6A1A16A2B5E910045E998CD7709E966trueMicrosoft WindowsValid 734700x800000000000000083333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\ngccredprov.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Passport Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationngccredprov.dllMD5=5125FB8AD27095A89651EFE26DF82B8F,SHA256=B49A3E4B223B5737ABB834DA077E2F525B8D5A4E7A226134AD23B19BD20DA5B5,IMPHASH=BD5237271CB2F0AA3004D8AC0791F836trueMicrosoft WindowsValid 10341000x800000000000000083332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\deviceassociation.dll10.0.14393.0 (rs1_release.160715-1616)Device Association Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdeviceassociation.dllMD5=68139108F7E1D4327BE76289E14C2159,SHA256=05436A7EE5EE877F3EA6B12604D41EFCE288F093AAEE03A906FB7C9A4A76DFDA,IMPHASH=CA757A840D91610BF593E8A2814EB9B3trueMicrosoft WindowsValid 734700x800000000000000083330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\biwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Background Broker InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationbiwinrt.dllMD5=1774BAC67716351387E5F11635DEED8D,SHA256=74F9B4190CFFADCE3ED3F61D4FD6A4F7CCC6EE0F42E3452D018E8160ECB3BE1F,IMPHASH=518BBC26E9BA87459E80712401FEE077trueMicrosoft WindowsValid 734700x800000000000000083329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Devices.Enumeration.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.Devices.EnumerationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Devices.Enumeration.dllMD5=4C62915A0F4A5D426D857C5DEC342AE9,SHA256=371A5B33833D0433F525EF0A0E61B7EFE5F91142F814241AB291C178B055BCB3,IMPHASH=19CB1EC42DBF9C106DE4DE251E31017EtrueMicrosoft WindowsValid 10341000x800000000000000083328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\facecredentialprovider.dll10.0.14393.4169 (rs1_release.210107-1130)Face Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationFaceCredentialProvider.dllMD5=75568151502F3012E5A0B28D53517B21,SHA256=6CD897692F27AF5291034213CFA48CF0A0517C33A5A23ED270F12DDE98FB32D9,IMPHASH=A57735F3674892C8A813AC842EA6CFAFtrueMicrosoft WindowsValid 734700x800000000000000083326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\cngcredui.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft CNG CredUI ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationcngcredui.dllMD5=FE84C1709B761FFCFA7F4340FA451A65,SHA256=329D2D141C9C0ECC68C12E8B68D0413C396F47C83C85621A410773D8BB1A494C,IMPHASH=9AEED300060E76958D7D2ED9F8BF8EDFtrueMicrosoft WindowsValid 734700x800000000000000083325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6E,IMPHASH=9651C547656809410E78B358203C1A1DtrueMicrosoft WindowsValid 734700x800000000000000083324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\credprovs.dll10.0.14393.4169 (rs1_release.210107-1130)Credential ProvidersMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovs.dllMD5=913EF3B2F5DF7C749774F6FF3B054C11,SHA256=4E3F665593865080E37EA4F3108102FD222C2DECE3841F178EAF29A9CCB59C2C,IMPHASH=4D8C135A6C32D5E52CB9D0ED6F5E66D4trueMicrosoft WindowsValid 734700x800000000000000083323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\credprovslegacy.dll10.0.14393.4169 (rs1_release.210107-1130)Credential Providers LegacyMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovslegacy.dllMD5=C54FE5EE50B5B797FFCFCC1B00A0076C,SHA256=2676BC00EB97E8BC4F3052EF09106DA33FA33CECC66D179164B3B2FE9DEFD9F6,IMPHASH=350AE9643284403B93B04574B73914E7trueMicrosoft WindowsValid 734700x800000000000000083322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\directmanipulation.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Direct Manipulation ComponentMicrosoft® Windows® Operating SystemMicrosoft Corporationdirectmanipulation.dllMD5=EA7CE188E0D1E66C361C8B87304EACDE,SHA256=9ADCA2B7554173A0FD8833F65935C151B09A5D790F46E9EC4EE25E9622F1159A,IMPHASH=D9F27AFFC8B05CE56A2B9B9CD5B4C9B5trueMicrosoft WindowsValid 734700x800000000000000083321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\SmartcardCredentialProvider.dll10.0.14393.2248 (rs1_release.180427-1804)Windows Smartcard Credential ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationSmartcardCredentialProvider.dllMD5=89F3FE0276D7A31BA02AC3366F964FEE,SHA256=EE1AC8484F240304375600A1B95B64670D660EEC8E3D9F49D7782505D38E28B2,IMPHASH=634A0E8BBEC2A27265F521A876EDBBDAtrueMicrosoft WindowsValid 734700x800000000000000083320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\threadpoolwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows WinRT ThreadpoolMicrosoft® Windows® Operating SystemMicrosoft Corporationthreadpoolwinrt.dllMD5=4D271D6FA08E19B78A99F948FB012F44,SHA256=92D9A5BC0F95FDE6BA83D17925122815BDF3803D949112852C3D97CFBA16D219,IMPHASH=0E03F54121A53AD6BC839C0721A3CECCtrueMicrosoft WindowsValid 734700x800000000000000083319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000083318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\samcli.dll10.0.14393.0 (rs1_release.160715-1616)Security Accounts Manager Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMCLI.DLLMD5=AEF1161232D111EEA93F64B203F131AE,SHA256=C1DA3DF389A414AAA26FEEEA28F35AAC202CE3A5CC3AF26B7C0C14EBBC2157F9,IMPHASH=D27BDFF964B5FDB8A5E9B0599333826BtrueMicrosoft WindowsValid 734700x800000000000000083317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.550{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\credprovhost.dll10.0.14393.4402 (rs1_release.210426-1725)Credential Provider Framework HostMicrosoft® Windows® Operating SystemMicrosoft Corporationcredprovhost.dllMD5=D64A4C4E4CDB8DD6128D4EFAC4118353,SHA256=A503771EBD077D5C5C2EFF2499E074A8B05099A59D68E7668F403EB6DC4A902A,IMPHASH=2B8D4C5C44B72C4C63973FFAB9046281trueMicrosoft WindowsValid 734700x800000000000000083316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.534{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\CredProvDataModel.dll10.0.14393.4169 (rs1_release.210107-1130)Cred Prov Data ModelMicrosoft® Windows® Operating SystemMicrosoft CorporationCredProvDataModel.dllMD5=6B8B71ABE125771FEE8A44D0F941CEF3,SHA256=1C7C0865C8BD4CD12867432AC71144923344F596EFA2D7C42DD9EF37F508F519,IMPHASH=E95B43892FF230687F925F53516FD6F3trueMicrosoft WindowsValid 734700x800000000000000083315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.534{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Internal.UI.Logon.ProxyStub.dll10.0.14393.2339 (rs1_release_inmarket.180611-1502)Logon User Experience Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Internal.UI.Logon.ProxyStub.dllMD5=BA676D9CAC156F110C3E109367BC3E0C,SHA256=1B4D4D75C4E651BDC6077679581B5246667A2E63171FEB9B8566B1A638683D79,IMPHASH=652A046C44C4B1CC212802D3079219D4trueMicrosoft WindowsValid 734700x800000000000000083314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.534{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\FontGlyphAnimator.dll10.0.14393.4169 (rs1_release.210107-1130)Font Glyph AnimatorMicrosoft® Windows® Operating SystemMicrosoft CorporationFontGlyphAnimator.dllMD5=3179BAF869C1815F2A39438DD5EFD620,SHA256=7A89DD1B6F0DCF16AF14A03EA04718DAAD8FE01E97C61933BD81E6371251AA31,IMPHASH=50CFAE7BE5DDFAF9B3957BA4D337BEADtrueMicrosoft WindowsValid 23542300x800000000000000083313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.531{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76B190C2B538CE32C11F69CA0C007E71,SHA256=B70B8B0B03925302892F9BD7954292BB5296CCD6C47BDF22654D2A9C7E067C8C,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.513{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\Windows.Globalization.dll10.0.14393.4467 (rs1_release.210604-1844)Windows GlobalizationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Globalization.dllMD5=4D2537567A93ABF1D93CB7A7E76F954C,SHA256=5740181B56927C0DC66A6BCECA15EA2806A0ED471A01F785AD47C8C73A1DF85F,IMPHASH=0280A5811869EFED56B453A140477D51trueMicrosoft WindowsValid 734700x800000000000000083311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.513{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\DWrite.dll10.0.14393.4225 (rs1_release.210127-1811)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=BB0ECCB8A72B5926A58433666145D459,SHA256=9C082B0EF00A6E174062634F0421B1179D27BC9077A5C0B1FEB2AA74DBAC2E68,IMPHASH=4DF173E853B52F621D05CC337B9F72CEtrueMicrosoft WindowsValid 734700x800000000000000083310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.513{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=E15A420D82314AF63973D7D0AB3BA2DD,SHA256=C264B2FA1F3E67E558E2671807C06270926EF456F4FF83F1F9859B18184F187E,IMPHASH=5F8C6AF7D0781F35A516AEB072DAD045trueMicrosoft WindowsValid 734700x800000000000000083309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.513{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=B69F0419A16A616FE2D779EC98CD7FB9,SHA256=2D10B43F2137433E48A009227487C691E312D186691485D33B4FDF90D8423C9D,IMPHASH=E32C7474360C94A9FE5E17141A4AB35FtrueMicrosoft WindowsValid 734700x800000000000000083308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.513{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2,IMPHASH=460DAE5CA92CB705C37D78BE630D6120trueMicrosoft WindowsValid 734700x800000000000000083307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.513{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=8FD5FEFE4E020BBC2D95F07BCDC84F71,SHA256=E5E351822CCDEBF81C47C4CA1D5C158E2880C1BD29CA024D163FD9316F3046AE,IMPHASH=E494F732179E765F2CE18BC21CDB1948trueMicrosoft WindowsValid 734700x800000000000000083306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.513{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223,IMPHASH=83736A76214A92F5C1B53248D0C22863trueMicrosoft WindowsValid 734700x800000000000000083305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.497{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19,IMPHASH=52DACB9FFE8B422785C607A5B88982C7trueMicrosoft WindowsValid 734700x800000000000000083304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.497{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176,IMPHASH=98050D95AE15C8382F287539F2BF65FAtrueMicrosoft WindowsValid 734700x800000000000000083303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.497{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Immersive.dll10.0.14393.4283 (rs1_release.210303-1802)WINDOWS.UI.IMMERSIVEMicrosoft® Windows® Operating SystemMicrosoft CorporationWINDOWS.UI.IMMERSIVE.dllMD5=4331AC493E264AF1378E0082194D07A5,SHA256=81B8E123110B9C7A34957B9176791AD86EA874315D4555FDC85CF20975E08D99,IMPHASH=C0750252600F63F4BA1D73794E8FE8C0trueMicrosoft WindowsValid 734700x800000000000000083302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.497{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\CoreMessaging.dll10.0.14393.3930Microsoft CoreMessaging DllMicrosoft® Windows® Operating SystemMicrosoft CorporationCoreMessaging.dllMD5=3D9D2F367587B2E93F2868F52D4ACBDD,SHA256=B4B27A7D4B9B685B6015D090B6A3E0E578AFBDE8D6C06A8F2E606A439D5A4BA4,IMPHASH=92CA7117B99353AC45978E95EEB5A46DtrueMicrosoft WindowsValid 734700x800000000000000083301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.497{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Xaml.dll10.0.14393.4470 (rs1_release_inmarket.210704-1611)Windows.UI.Xaml dllMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.Xaml.dllMD5=6F79837DE63E915AAE0672450E93FB5A,SHA256=2169B1FAEF092332F4B72F142E2FECC8554A0E2756715711F5E15431784A5261,IMPHASH=B872FEAB4926DE1D74C3DF5AC4E62C2CtrueMicrosoft WindowsValid 734700x800000000000000083300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.497{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000083299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.497{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\BCP47Langs.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)BCP47 Language ClassesMicrosoft® Windows® Operating SystemMicrosoft CorporationBCP47Lang.dllMD5=F688C2B9DD2EB56C3B0312B6380338AA,SHA256=B22DB210486D3B5F4EEB17900C5E7AA0EEFEDBB068A0C4858EFE9F8018C34628,IMPHASH=31EA1856BC7597303D8126028BBFDFB8trueMicrosoft WindowsValid 734700x800000000000000083298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.497{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Runtime UI Foundation DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.dllMD5=FEC31833E8D13591BAECE59B8E39F53C,SHA256=424BAEA0DC8EF34305A881F9B36F22E8CFECA403A0D03B61782D69535387A401,IMPHASH=B073DE28C43175420FE754415439CCEAtrueMicrosoft WindowsValid 734700x800000000000000083297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\MrmCoreR.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows MRMMicrosoft® Windows® Operating SystemMicrosoft CorporationMrmCore.dllMD5=D730B5700BEB4A7E6E4244684356739C,SHA256=26083BEB490E48F5711D69A0E597B7A4CC6FB4B31EDCD535A0FF0DFBE4E6F8DD,IMPHASH=462A9FA6F44F25C68798F197AC8EC9D9trueMicrosoft WindowsValid 734700x800000000000000083296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000083295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\wincorlib.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows ® WinRT core libraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwincorlib.DLLMD5=F08F4542548A5CD4F521491164598021,SHA256=D60844E5A091DD42CB1BC03CA76B8BBAF55C5B1A9EC3F1403AB241DDE36CA630,IMPHASH=7118E177B350BBAD51DE9533CF52B852trueMicrosoft WindowsValid 734700x800000000000000083294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000083293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.Cred.dll10.0.14393.4169 (rs1_release.210107-1130)Credential Prompt User ExperienceMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.Cred.dllMD5=78EED0861A739C42B882A074C8C6EB66,SHA256=3BFDDC668D78212AACD74DE956A004582DBA1FBC9DDFB3B3FF9368F3FF16991A,IMPHASH=937A04AFF9E2F1B9DE53D1339BC71147trueMicrosoft WindowsValid 734700x800000000000000083292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000083291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.XamlHost.dll10.0.14393.4169 (rs1_release.210107-1130)XAML HostMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.XamlHost.dllMD5=3EF300C64E57C482FEC2A62454CC45BC,SHA256=CED0EEE32D019EAF1BE70190B87FA9858054DEE20DE77EF0BDC67C2B8B0DD669,IMPHASH=76C7A23349305BC2F339502E1330DC92trueMicrosoft WindowsValid 734700x800000000000000083290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000083289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\WindowsCodecs.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Windows Codecs LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationWindowsCodecsMD5=B791899A46FD151559658F4F86C3C6F5,SHA256=E559B36A3CC2261C16916F2D49FA351DC4E21E5EC581AC43547ABA16F70CDA7E,IMPHASH=945C5ACF3D7F6243AD6374B1152227D8trueMicrosoft WindowsValid 734700x800000000000000083288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000083287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000083286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\avrt.dll10.0.14393.2969 (rs1_release.190503-1820)Multimedia Realtime RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationavrt.dllMD5=8EC9E2490A9FFA637115F758B22FFF78,SHA256=1A3295CBF09E9367CCE68505D949D724FB9B66B4516770B7D594273C3BCFC5B8,IMPHASH=F266C00A61E480BB0A81B1A89DB30014trueMicrosoft WindowsValid 734700x800000000000000083285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000083284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\Windows.UI.CredDialogController.dll10.0.14393.4169 (rs1_release.210107-1130)Credential UX Dialog ControllerMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.UI.CredDialogController.dllMD5=914E180859851B8FF502A541C5EE5C1F,SHA256=4139824AE8D81F519CE57E46F7514D82A42BEBE8A3971B32666CF2A2AC8390F8,IMPHASH=36C915CDD5835C99A10F8B3C525E4356trueMicrosoft WindowsValid 734700x800000000000000083283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000083282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000083281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\wincredui.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Credential Manager User Internal InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationwincredui.dllMD5=27B7A3DDE710FEC067E7AADBB396FDCC,SHA256=BE73F24E4E7E5002A78784D60F82840B42FB2AAD593623D00535E0403B01EAED,IMPHASH=5BF8C42D151FC064CDF2E863454964AAtrueMicrosoft WindowsValid 734700x800000000000000083280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x800000000000000083279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11,IMPHASH=DFDCA72C641F8587ADF49CA0ED1D5817trueMicrosoft WindowsValid 734700x800000000000000083278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\MMDevAPI.dll10.0.14393.4169 (rs1_release.210107-1130)MMDevice APIMicrosoft® Windows® Operating SystemMicrosoft CorporationMMDevAPI.DllMD5=CF179D8A655703FDD273891432EBF588,SHA256=722863E48713AEDC9E7EA95C181CAAA389B147BCE51A7E815F0D4189AF92B6E8,IMPHASH=A9DFEC2D392C78A08CC45D2B95165EEAtrueMicrosoft WindowsValid 734700x800000000000000083277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\WinTypes.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=F26A1B9400B1B37D899B01DA8DE809F7,SHA256=F0AFDE11FE0C22D0A25CA4F5A07FEDDC6D3014902360566575E4AB5C164AB8E0,IMPHASH=58F905117CF0434AF54A7CD9D43EEF30trueMicrosoft WindowsValid 734700x800000000000000083276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\AudioSes.dll10.0.14393.4169 (rs1_release.210107-1130)Audio SessionMicrosoft® Windows® Operating SystemMicrosoft CorporationAudioSes.DllMD5=4B97F920560452EC199062492055FF4C,SHA256=FF75E4970C94C270783461F9696829E3159E5254C818E3F86AE521018B1EF055,IMPHASH=18FC7797E056AFF42D40FF05B182DB5AtrueMicrosoft WindowsValid 734700x800000000000000083275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\credui.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Credential Manager User InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationcredui.dllMD5=F3EA67955C81EDC0351A4E7418EEEAF4,SHA256=1DC9FF6C665A376789094BF59DCF125A7BE0280D798C74C0853AD1D808104F5D,IMPHASH=4559CD65117B2CEA951EAA739A2320C9trueMicrosoft WindowsValid 734700x800000000000000083274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.481{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBF,IMPHASH=BB80FB0B79AB68B9AA174726B09C8CE9trueMicrosoft WindowsValid 734700x800000000000000083273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=A049DEB5236AA8711D70001353902238,SHA256=729E2332F4E65A745FC905AD5F3F17A2C034DD15BE74DBEF7D028ED712BCA1D2,IMPHASH=6654CFB1ED505987ABEF47C5C0E0D98AtrueMicrosoft WindowsValid 734700x800000000000000083272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000083271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000083270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000083269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000083268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000083267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000083266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000083265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000083263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000083262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000083261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000083260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000083259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000083258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000083257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000083256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000083255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000083254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000083252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000083250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000083249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000083248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000083247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000083246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000083245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000083244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000083240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000083238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000083233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.469{8057F119-323A-60EC-760A-00000000DB01}8996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000083232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.466{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6843CC157D8EB694B17F93C60A785849,SHA256=112B93C83A5A68BAFDD621FBD94749A522E1F81D4310CAAC352916CFB6EDACEC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000083231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.450{8057F119-08A1-60EC-1400-00000000DB01}10762196C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x100040C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+63c9|c:\windows\system32\cryptsvc.dll+62d1|c:\windows\system32\cryptsvc.dll+5e56|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.450{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\gpapi.dll10.0.14393.4467 (rs1_release.210604-1844)Group Policy Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationgpapi.dllMD5=96BBBC9AD606CF5EBAF525E3AB1C69A5,SHA256=32F0EA9185A6E1DE26E3276BAAB0FB5ED72940D34FE5FFDF5331D91E42794124,IMPHASH=54A7A105E11720BE50C587CF0CFA8828trueMicrosoft WindowsValid 734700x800000000000000083229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.450{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000083228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.450{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000083227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.450{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000083226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.450{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000083225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=D8CD8451D1E194230F18866AD6EFE5E7,SHA256=9977AA1287962035C24DF806DDA67F09FFE9BDF696DBA507D749C624AE1C178D,IMPHASH=EC9695F0DF1F52E9D439A942DBDAA111trueMicrosoft WindowsValid 10341000x800000000000000083224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-08A1-60EC-1600-00000000DB01}12361916C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 10341000x800000000000000083220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-323A-60EC-750A-00000000DB01}96449608C:\Windows\system32\consent.exe{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\system32\svchost.exe0x70C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\consent.exe+1452|C:\Windows\system32\consent.exe+3ca7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000083218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000083217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000083216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000083215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000083214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000083213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000083212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.434{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 10341000x800000000000000083211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.433{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.433{8057F119-089F-60EC-0B00-00000000DB01}6326948C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.429{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\msutb.dll10.0.14393.953 (rs1_release_inmarket.170303-1614)MSUTB Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSUTB.DLLMD5=17CD28B5081E8C9D25228987EDD4E4F4,SHA256=7AA14D2F375CCB4A57053144BC826132938C66ADDB282C940F736F3C6E358DA5,IMPHASH=C2050C3A907779B8B143FA73DD6A1241trueMicrosoft WindowsValid 734700x800000000000000083208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.428{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000083207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000083206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000083205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BAB,IMPHASH=AD7CEB919D43FA2BD394EC803EB6BCDAtrueMicrosoft WindowsValid 734700x800000000000000083204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\winsta.dll10.0.14393.0 (rs1_release.160715-1616)Winstation LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwinsta.dllMD5=12668CEFEE3754CFA61C5699821668B3,SHA256=D0C81619EDE8B846D98417989684EF16DF3A053CC049C7281E40F3359AD5B570,IMPHASH=2E790E44628AED89C2CC17E1E4A5CE1CtrueMicrosoft WindowsValid 734700x800000000000000083203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\msimg32.dll10.0.14393.0 (rs1_release.160715-1616)GDIEXT Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationgdiextMD5=78DA58DF85F86CA61E5EAFB9EF0A83BE,SHA256=3216205F5C355D582EC4B902651B62E1FF3EFFDCA40BC849D474F13F1325E962,IMPHASH=2E671B0A6A313B7E8765124B944DA4FEtrueMicrosoft WindowsValid 734700x800000000000000083202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 734700x800000000000000083201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\MsCtfMonitor.dll10.0.14393.0 (rs1_release.160715-1616)MsCtfMonitor DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMsCtfMonitor.DLLMD5=81BC8DBCD544B8837BCBC5CAD0C9CA08,SHA256=C67286427B136D36F2785B3DF169B8D3E820ADCD1C836B69770439A9456A2E8E,IMPHASH=9B989CE38CE9C40F828E034B46B8E9F3trueMicrosoft WindowsValid 734700x800000000000000083200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000083199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\amsi.dll10.0.14393.4169 (rs1_release.210107-1130)Anti-Malware Scan InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationamsi.dllMD5=89C79675F7FEDEB6373C9D2045F7B7C5,SHA256=5B40293CF56D44377A91BF68CF2113F523B61185F02DEEAB621BE51F0ADA6131,IMPHASH=6FEE5278940E0EA644D3641165D77874trueMicrosoft WindowsValid 734700x800000000000000083198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 734700x800000000000000083197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\wmsgapi.dll10.0.14393.0 (rs1_release.160715-1616)WinLogon IPC ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationWMsgAPI.DLLMD5=F057E6CFED6521141F9E2AA786FEBF9E,SHA256=FE15ADCBC8E9B129BC09FEC47A89A487F5D9E537DC05674C413A8D9D84860535,IMPHASH=0070F559678E041C453782364C13F0C2trueMicrosoft WindowsValid 734700x800000000000000083196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000083195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000083194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000083192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000083191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000083190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000083188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000083187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000083186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000083184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000083183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 10341000x800000000000000083182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-21B7-60EC-3B07-00000000DB01}55126756C:\Windows\system32\csrss.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000083181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\consent.exe10.0.14393.4169 (rs1_release.210107-1130)Consent UI for administrative applicationsMicrosoft® Windows® Operating SystemMicrosoft Corporationconsent.exeMD5=2D39786DACCF1721F552F3195E72766E,SHA256=D1FAD06A025FEBDD896A8B17182F31CCD4F92EBA8C696485FFF77C0823CFF723,IMPHASH=9E56AB88B9592E0AEB5042020D43259CtrueMicrosoft WindowsValid 10341000x800000000000000083177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\appinfo.dll+2073|c:\windows\system32\appinfo.dll+2c4f|c:\windows\system32\appinfo.dll+4026|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.413{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\Explorer.EXE0x1014c0C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\appinfo.dll+33d8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000083170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.266{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EB8708B3BFD2879E7C64C0E36C3FFEFD,SHA256=AE33C73A7F11F2B74735370080659B4BE718D7942486A3A01E065BF05432C46E,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.197{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000083168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.197{8057F119-3239-60EC-740A-00000000DB01}89484536C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.197{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000083166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.197{8057F119-3239-60EC-740A-00000000DB01}8948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000083165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:50.082{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE64F583EFA79A233D02A7135903CBA7,SHA256=E347E51EAF1B53CC84AB1FE384245480357E553CF70BD0155BA1AFB44F361890,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000083399Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.969{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63542-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000083398Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:49.969{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63542-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 23542300x800000000000000083397Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:51.765{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D0EE189EE5613CDCE2A8A85154A2C16,SHA256=4220637FF18E48EA2C540A665644A0045396EF2969F05237C986A65EDE306983,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034148Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:48.593{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51703-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034147Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:51.669{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98026E7B43D7BA444F69792C051E35DE,SHA256=0A6AFA7272862C77C8E21AE8B26AA4EAF7E00C64BEA209378554CB089CA44FD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083396Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:51.449{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DF6FF8A338EC2DA9E4E10413DC3A256D,SHA256=85C0F637D0EE5A290B840965024C53B3A612A54012793DA4A259B391CA27D6C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083400Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:52.811{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF0F3B55B971967262263AE2063CF529,SHA256=DBA55FF95FACD982088D18D29A849A4AFB1C02EDF2DCDE40283F9BDF7FFC5D84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034149Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:52.684{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AC2EAF967A13B0EB793A944CE9BBA66,SHA256=5DC36D2E330312009A6828637FA139542EEF341B84A6EC8F501BC61B3D34A4F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034150Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:53.700{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=062C46B98B4355FB833437801441B6C3,SHA256=898AC1AAC40F9CA1EDD903BB6EA93589955CFAA28E68FBAD2DC9B6EDF586C5D6,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083451Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.410{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000083450Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.410{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000083449Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.410{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000083448Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.194{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000083447Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.194{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000083446Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.194{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000083445Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.194{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000083444Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.194{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000083443Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.194{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000083442Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.194{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000083441Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000083440Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000083439Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000083438Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000083437Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000083436Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000083435Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000083434Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000083433Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000083432Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000083431Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000083430Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000083429Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000083428Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000083427Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000083426Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000083425Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000083424Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000083423Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000083422Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000083421Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000083420Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083419Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083418Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000083417Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000083416Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000083415Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000083414Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083413Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000083412Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083411Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083410Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083409Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083408Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000083407Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083406Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083405Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083404Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083403Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083402Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.179{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000083401Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.180{8057F119-323D-60EC-770A-00000000DB01}9324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000034151Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:54.715{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C5C97290ED13D4E52A362B720493D3D,SHA256=C39D0A5A06629D2B524F38B816DB21DF93ECF2B28406EA3EA3C354F6D4C965B0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000083461Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:54.529{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083460Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:54.509{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083459Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:54.509{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083458Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:54.509{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083457Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:54.509{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083456Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:54.509{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083455Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:54.509{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083454Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:54.494{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000083453Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:54.194{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CC050E888A10F0AC679D680B58ABCE8E,SHA256=B41DCE6F358107FCFB6A860618331CA6550E0ABAB38C54FB1116FFB3E5E1A796,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083452Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:53.997{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D15AD4793469C7AE1BCBE25299A0310,SHA256=CBA9D550636F2B259EC2D61ECC59D1BA37E478FC31AC73C7C360255F00C3E84C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034152Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:55.715{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85A0A4B7F25FE417D4A671A5369F36B7,SHA256=0B156842AB0FFF257317D01C1EF8D9502F797D4B3DD2F40B5153FD41BA389274,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083462Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:55.063{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A02EEAC8CE41E835AD9031DD5DED1C12,SHA256=BFC498DB7007A506B9E3340DBBCC2755352773DBA1171137E4FDA81798F224DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034153Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:56.746{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E076179860AE9C775232B972ED1A54A6,SHA256=336C88AD4FFC74A61AA8AADD179F8B1B049513559D86CF681063F841A89A2682,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000083465Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:56.508{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2AAE-60EC-1109-00000000DB01}4020C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000083464Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:56.077{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B86DC949A79BC5F8BB8C06CEA5850EA8,SHA256=E57374EB58DB516C4261FFCB09484E8ACE53D8C4AB05AD5FBCB2BF1CC6288736,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000083463Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:54.287{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63543-false10.0.1.12-8000- 23542300x800000000000000034155Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:57.761{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFDA776FB8ECF70EEB4DAB1FE625D4F7,SHA256=8CBF0D73F8F93499B06788A0406F3109E55601655BFE6A948F1BAB60A4E57463,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083466Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:57.092{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45ABC53BEB6E367926E75941192AA3B0,SHA256=D472184E0F4171E2F55DD13F9D612D1BA119C5FD0C9AA9CEADD7EAF8AA2CDC15,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034154Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:54.530{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51704-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034156Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:58.761{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF1F38BD5C942564F425B97946D37E31,SHA256=E4A5F57BF87AEFED0D74C6033E0A7D83F84DB380FDA2A60372DDDB8F72AA4525,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083651Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.976{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=197E91FC10EAA51D9B85532747FC413F,SHA256=64F762E9FD855E934C66E70E9FEDCB7B89591FFAA4718DF1623EBE99402FDD46,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000083650Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.localT1060,RunKeySetValue2021-07-12 12:14:58.960{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\system32\reg.exeHKU\S-1-5-21-3966725549-2172964581-1758441464-500\Environment\COR_ENABLE_PROFILING1 734700x800000000000000083649Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000083648Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083647Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083646Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000083645Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000083644Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-3242-60EC-7B0A-00000000DB01}96809416C:\Windows\system32\conhost.exe{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083643Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083642Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083641Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083640Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000083639Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-21B7-60EC-3B07-00000000DB01}55124040C:\Windows\system32\csrss.exe{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083638Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083637Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083636Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083635Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083634Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.960{8057F119-3242-60EC-7A0A-00000000DB01}93568612C:\Windows\System32\cmd.exe{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000083633Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.965{8057F119-3242-60EC-7E0A-00000000DB01}8340C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Environment" /v "COR_ENABLE_PROFILING" /t REG_SZ /d "1" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3242-60EC-4D36-8B0000000000}0x8b364d3HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 13241300x800000000000000083632Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.localT1060,RunKeySetValue2021-07-12 12:14:58.945{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\system32\reg.exeHKU\S-1-5-21-3966725549-2172964581-1758441464-500\Environment\COR_PROFILER{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} 734700x800000000000000083631Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.945{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083630Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.945{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000083629Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.945{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083628Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.945{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000083627Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.945{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000083626Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.929{8057F119-3242-60EC-7B0A-00000000DB01}96809416C:\Windows\system32\conhost.exe{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083625Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.929{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083624Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.929{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083623Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.929{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083622Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.929{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000083621Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.929{8057F119-21B7-60EC-3B07-00000000DB01}55123720C:\Windows\system32\csrss.exe{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083620Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.929{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083619Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.929{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083618Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.929{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083617Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.929{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083616Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.929{8057F119-3242-60EC-7A0A-00000000DB01}93568612C:\Windows\System32\cmd.exe{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000083615Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.937{8057F119-3242-60EC-7D0A-00000000DB01}5816C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Environment" /v "COR_PROFILER" /t REG_SZ /d "{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3242-60EC-4D36-8B0000000000}0x8b364d3HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 13241300x800000000000000083614Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.localT1122SetValue2021-07-12 12:14:58.929{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\system32\reg.exeHKU\S-1-5-21-3966725549-2172964581-1758441464-500_Classes\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}\InprocServer32\(Default)C:\Temp\test.dll 23542300x800000000000000083613Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.929{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FE67BBAC2C7B354887507D9ED8791BD,SHA256=6338D37FC29AA92E4B990BE86E940696E7DD800FD9DE9AE3F30A85A6064D601B,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083612Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.924{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000083611Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.924{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083610Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.923{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083609Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.923{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000083608Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000083607Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-3242-60EC-7B0A-00000000DB01}96809416C:\Windows\system32\conhost.exe{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083606Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083605Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083604Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083603Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000083602Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083601Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083600Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083599Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083598Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083597Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-3242-60EC-7A0A-00000000DB01}93568612C:\Windows\System32\cmd.exe{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000083596Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.911{8057F119-3242-60EC-7C0A-00000000DB01}9684C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Software\Classes\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}\InprocServer32" /ve /t REG_EXPAND_SZ /d "C:\Temp\test.dll" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3242-60EC-4D36-8B0000000000}0x8b364d3HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 734700x800000000000000083595Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083594Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083593Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000083592Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.907{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exeC:\Windows\System32\cmdext.dll10.0.14393.0 (rs1_release.160715-1616)cmd.exe Extension DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCmdExt.DLLMD5=71B9AD2C078C208ED1633DE7DDAA834F,SHA256=44A35F3F5561E722EA1ED9A128BFF127E6086B114678774BC674BC717DD779B4,IMPHASH=03503926F7A6CC110815DF46C0AEFD5FtrueMicrosoft WindowsValid 734700x800000000000000083591Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.891{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000083590Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.891{8057F119-21BD-60EC-4B07-00000000DB01}58805636C:\Windows\Explorer.EXE{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083589Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.891{8057F119-21BD-60EC-4B07-00000000DB01}58805636C:\Windows\Explorer.EXE{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083588Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.891{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083587Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.876{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083586Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.876{8057F119-21BD-60EC-4B07-00000000DB01}58804844C:\Windows\Explorer.EXE{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083585Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.876{8057F119-21BD-60EC-4B07-00000000DB01}58804844C:\Windows\Explorer.EXE{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083584Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.876{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 10341000x800000000000000083583Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.876{8057F119-21BD-60EC-4B07-00000000DB01}58804844C:\Windows\Explorer.EXE{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083582Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.860{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000083581Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.860{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 10341000x800000000000000083580Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.860{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083579Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083578Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000083577Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000083576Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000083575Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000083574Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000083573Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000083572Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000083571Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000083570Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 10341000x800000000000000083569Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}96809416C:\Windows\system32\conhost.exe{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083568Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 734700x800000000000000083567Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083566Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x800000000000000083565Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000083564Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000083563Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000083562Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083561Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000083560Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000083559Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.846{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000083558Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000083557Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083556Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000083555Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000083554Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\ConhostV2.dll10.0.14393.4402 (rs1_release.210426-1725)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXEMD5=EBEFEF1FE2B0D6FF2595203DADE100C9,SHA256=70F4BB4198467DA8E2FD7AF475536B3F2FD1B3E56CEE7E376D0303C149C449F9,IMPHASH=49A59B06FE5B10F21E36B588430BFDB3trueMicrosoft WindowsValid 734700x800000000000000083553Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000083552Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000083551Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083550Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083549Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083548Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7B0A-00000000DB01}9680C:\Windows\System32\conhost.exeC:\Windows\System32\conhost.exe10.0.14393.0 (rs1_release.160715-1616)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXEMD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0,IMPHASH=2C980A4DA7C717CC670CB9E1D2C4D733trueMicrosoft WindowsValid 10341000x800000000000000083547Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-21B7-60EC-3B07-00000000DB01}55123720C:\Windows\system32\csrss.exe{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000083546Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083545Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083544Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083543Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37AtrueMicrosoft WindowsValid 10341000x800000000000000083542Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083541Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083540Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083539Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083538Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083537Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\appinfo.dll+2073|c:\windows\system32\appinfo.dll+3c57|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000083536Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.829{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" C:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3242-60EC-4D36-8B0000000000}0x8b364d3HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{8057F119-21BD-60EC-4B07-00000000DB01}5880C:\Windows\explorer.exeC:\Windows\Explorer.EXE 734700x800000000000000083535Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000083534Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000083533Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000083532Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 734700x800000000000000083531Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x800000000000000083530Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083529Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000083528Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000083527Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083526Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000083525Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000083524Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000083523Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000083522Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000083521Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083520Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000083519Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.807{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000083518Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.791{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083517Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.791{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083516Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.791{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083515Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.791{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164E,IMPHASH=1C99A7F1249FB0C7B924253B69E59F88trueMicrosoft WindowsValid 10341000x800000000000000083514Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.791{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083513Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.791{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-3242-60EC-790A-00000000DB01}5056C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083512Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.775{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083511Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.775{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083510Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000083509Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000083508Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000083507Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\IDStore.dll10.0.14393.4169 (rs1_release.210107-1130)Identity StoreMicrosoft® Windows® Operating SystemMicrosoft CorporationIdStore.dllMD5=C361C32146F8C2E67168CFC076DBBF55,SHA256=D27DC85DE98B5C85AAAEEE1FC2EBE0F92B53F82F35F0AC6A49ADAE83456C0740,IMPHASH=E5FDBED6A52D2B5010634A77EC08AD4DtrueMicrosoft WindowsValid 10341000x800000000000000083506Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-08A1-60EC-1600-00000000DB01}12363680C:\Windows\system32\svchost.exe{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083505Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083504Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000083503Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 10341000x800000000000000083502Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083501Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000083500Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000083499Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000083498Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083497Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000083496Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000083495Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000083494Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000083493Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000083492Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083491Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.760{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000083490Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.744{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 10341000x800000000000000083489Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.744{8057F119-21B7-60EC-3B07-00000000DB01}55126580C:\Windows\system32\csrss.exe{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 734700x800000000000000083488Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.744{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083487Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.744{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083486Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.744{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083485Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.744{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164E,IMPHASH=1C99A7F1249FB0C7B924253B69E59F88trueMicrosoft WindowsValid 10341000x800000000000000083484Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.744{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083483Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.744{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-3242-60EC-780A-00000000DB01}8696C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083482Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.744{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083481Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.744{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083480Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.744{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083479Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.744{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083478Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.707{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083477Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.707{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083476Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.707{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083475Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.707{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083474Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.707{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083473Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.707{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083472Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.607{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\UIAutomationCore.dll7.2.14393.4169 (rs1_release.210107-1130)Microsoft UI Automation CoreMicrosoft® Windows® Operating SystemMicrosoft CorporationUIAutomationCore.dllMD5=9B2DCFE11EEBDDC18A8F5964E04E64A0,SHA256=5CBC5B45B9EB5B4EF1360005CD675D20D7EE9FE588DA24543FF7C9ACB88317FF,IMPHASH=6691D3D33C2662107A11540A5A994674trueMicrosoft WindowsValid 10341000x800000000000000083471Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.575{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083470Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.575{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\system32\consent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000083469Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.125{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEB222DAF261DB54B6C24921EA422A54,SHA256=217E7867A330F310D10B9A140EEFCB11A7CB1D1FAE03E64E4C9533832E682114,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083468Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.007{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30E,IMPHASH=8F811B713271A0FEFA798FB95D523A8BtrueMicrosoft WindowsValid 734700x800000000000000083467Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:57.991{8057F119-323A-60EC-750A-00000000DB01}9644C:\Windows\System32\consent.exeC:\Windows\System32\edputil.dll10.0.14393.2608 (rs1_release.181024-1742)EDP utilMicrosoft® Windows® Operating SystemMicrosoft CorporationEDPUTIL.DLLMD5=75AC86B00CE4C64B02B105A55CA35628,SHA256=DB31A2345E3BB8DC79BFB4CC29615E3B8B7638AE80BFEC45FA57852669A592AE,IMPHASH=52045AC79DBE663F06AB7C9717524D40trueMicrosoft WindowsValid 23542300x800000000000000083914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.777{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B94AF34E39728EADD273C3BC3DFE8467,SHA256=EFC7F3857F83AC3DF23632E1616F8CD8E2DA4F1D14A2927961303AE3AAF81D4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.777{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=23E2963A1DEC494C9F7D8CDCD74AAF55,SHA256=793AE4C22ED92B13494E82E02F5E28D754B3044EE3B0F8EAD610B706FACAA81A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000083912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.761{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.761{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000083910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.761{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6F87EF6511182D9A4AC10759AB7C0046,SHA256=F5250ADA5207BF8D0DF69E4CD0976021926DFAAE4EE0980407F90DB47D0EBDCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.761{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=278B47E1B391DD55010CA0C589B42A2A,SHA256=DBD8A66371ABBC2C8E8F7476E691B70547F69F1FDFE771B1851B24C0B7947BB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.761{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B84FF22AC74DCD9A3CDBADD0427AA1FF,SHA256=6F78F54BAD9441CB9C4E114DC5DFC84A85409E7F9FB0FCAFEDD4C26D6B2C2B41,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000083907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.746{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.708{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.708{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.708{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.693{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.693{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.693{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.693{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.693{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.693{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.677{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.677{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.677{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.677{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.677{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.677{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.677{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 10341000x800000000000000083890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.562{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000034157Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:14:59.777{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9657C8446EBEB354DE4E31F4FBAD0C5B,SHA256=761C9AB94C54A907ADE8126808F376A9C94F597B0089BF451EF22A8F19AECFE0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000083889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.562{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.562{8057F119-08A1-60EC-1000-00000000DB01}1001724C:\Windows\system32\svchost.exe{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.562{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=95A1BA1B908C04EE471AAB365D557FC4,SHA256=5EAFA5C8125CE0A4C69238F28E94E9DC96ECB2474CF429A1BA4C56233D32EBFE,IMPHASH=781D96AFC4A43989716F0476826C7E94trueMicrosoft WindowsValid 734700x800000000000000083886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.562{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=A8286DA670839BD4D3B828E5DCE2D579,SHA256=9A039B35434ED287DBB4F23906E07ED81BB3AF62F01CC31842D1B1E8387C4AFD,IMPHASH=351F646C1B9736015D0FFEFB86A4D807trueMicrosoft WindowsValid 23542300x800000000000000083885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.562{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73BAA10520358156669CD597C7698BAB,SHA256=DA80B68E2F716D6F8195E6559C5FA5101F22C9A51584981E100AB24E6E892522,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.562{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\DWrite.dll10.0.14393.4225 (rs1_release.210127-1811)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=EC928387A1AC55B0BCC65F0FB64657D7,SHA256=9E719F529FD3CE2014E17ADA83FEBB5DF3DA533E93192739324EC698EEEF489E,IMPHASH=A304C1ECFEFBD3A520A9945E2188D759trueMicrosoft WindowsValid 734700x800000000000000083883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.562{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=B8A5106696E9FFE0CBA9A5F83C146DE9,SHA256=0CFFE15440453F2A67CB55D62A9044FCB6451149CBA5B98D3E9F265768D09EEB,IMPHASH=A885832D78ECD46B400AC0EF19CF0ED0trueMicrosoft WindowsValid 734700x800000000000000083882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.562{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msls31.dll3.10.349.0Microsoft Line Services library fileMicrosoft® Line ServicesMicrosoft CorporationMSLS31.DLLMD5=B2911DEDDF06CA1AB66C810EB98AA503,SHA256=B8FAC47D96B3577104AA20C84E532024E4B8D7A7B222E715E7FBC368151E34D3,IMPHASH=B42CEEFC5A11B8C6A930DBC4E521CD36trueMicrosoft WindowsValid 734700x800000000000000083881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.546{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=456D1A9554B75F666045F322BAEEE209,SHA256=F527B223EC94B35867641F6CDDE68B0D18048794B4837D600DC6F2DF44C17D18,IMPHASH=D3851D2627EE20865D40A6CE93CA8A17trueMicrosoft WindowsValid 734700x800000000000000083880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.546{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=19BB2A2206DA49504383900559339A32,SHA256=4DB5ACF98CD3E789E9DECD82BA6637452A236207E93C3E38B85F373965E457B8,IMPHASH=4453AC692845F7F4429D6DD3ACF00D0EtrueMicrosoft WindowsValid 734700x800000000000000083879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.546{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=50FAAB33B35115D94D3442FA90B0574B,SHA256=922F64661B34B37D35D11CB89611CD5BAE3907FDF56C782D9C67597F330F4D33,IMPHASH=3C84DC322121BEDBDD23AD37D5500FFCtrueMicrosoft WindowsValid 734700x800000000000000083878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.546{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=71488B2A3FEEE42631F968B08ED0503B,SHA256=2693217FA5F2A259F10D580B4AB95787ECB30B2DF16EF98631EF9D4B3DC62564,IMPHASH=37239F56D3864617C4EFB2A5F460F097trueMicrosoft WindowsValid 734700x800000000000000083877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.546{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\DataExchange.dll10.0.14393.4169 (rs1_release.210107-1130)Data exchangeMicrosoft® Windows® Operating SystemMicrosoft CorporationDataExchange.dllMD5=D238A301AE8EFABD029CE5C9B7777BF0,SHA256=FBB2B864831D5F0F71E1D0167B4EDD4FACB62BFD7913C465F4E291B868120163,IMPHASH=D87E30B18F53FE55C5B018AF0882ADC7trueMicrosoft WindowsValid 734700x800000000000000083876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.546{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\sxs.dll10.0.14393.4169 (rs1_release.210107-1130)Fusion 2.5Microsoft® Windows® Operating SystemMicrosoft CorporationSXS.DLLMD5=574CE73F5F8AEE6C2219547BC8DC88A2,SHA256=68B28AF187AFD6453173D1DC09C9C11CF10FA886FD5877B83170CAA3B0706784,IMPHASH=36E120EA05F8714D20693A7DA02D7326trueMicrosoft WindowsValid 734700x800000000000000083875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.546{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\oleacc.dll7.2.14393.4169 (rs1_release.210107-1130)Active Accessibility Core ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEACC.DLLMD5=0C5492DFFA271BC1912BADFEBB497907,SHA256=536C445B9D489749547FAC1D0B01AF7F430BBFE31BCD2924E7DB3BFE66785452,IMPHASH=91DB2465A9EA36C5C01315C79E4EAD5AtrueMicrosoft WindowsValid 10341000x800000000000000083874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.546{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.546{8057F119-21BD-60EC-4707-00000000DB01}54361764C:\Windows\system32\taskhostw.exe{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.546{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.546{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msimtf.dll10.0.14393.0 (rs1_release.160715-1616)Active IMM Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSIMTF.DLLMD5=AFF8921E40DF47A2938819BBB13E0CC5,SHA256=2E521B9BF27F9EC3D0C077AD1D21915240BA5D2A7F3D64E85687E8A38DD6E5A6,IMPHASH=61FEC0F2740D3463B3883EC575978A0EtrueMicrosoft WindowsValid 734700x800000000000000083870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=FD246A07CED3BC52C91E4CE7F149B814,SHA256=643D290491BB7D0137CAD77B3DB612D69A6EC7AFE9C411D438C3CA1769F1EECC,IMPHASH=9A9F70B5E6DDB8F96A677E91AE1F3A7DtrueMicrosoft WindowsValid 734700x800000000000000083869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=77D1E6B39B0A1A221E23209A8F10AE8C,SHA256=474B6C0D7F8D25F225DB55533706ED090DB77BCECB5926EBE5ED248B43748A45,IMPHASH=DB78A36AE0F862A9544AD9A5C272D7E5trueMicrosoft WindowsValid 734700x800000000000000083868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=90A1CD387F9CB30F86D34B88BFCD83A1,SHA256=5F6CE9777CDC7B0A0E98C90709C41C379415DBA654A39B332BB683A7F2B86E97,IMPHASH=07C997EFB887CE39B75B7896A20F5FFBtrueMicrosoft WindowsValid 734700x800000000000000083867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=9FEEEA412847864E044BBD2789C2457B,SHA256=359D3258E661357C768B1FBB885743E63D3D218FE7999D4A39FC8AEEF64B52B3,IMPHASH=16E2C81454E1F9301D6F8A9B1F5DB754trueMicrosoft WindowsValid 734700x800000000000000083866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=CA6447DDCA724F0C5C0CAFDE184EFE64,SHA256=F9664337B60A332571FCA81CC3E6DD194DCE20C8546980FD283CA892D0CC873C,IMPHASH=6E3C4DB87F2B77C788E86C1A678A8D0DtrueMicrosoft WindowsValid 734700x800000000000000083865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=A6F22CA344FD1B7D75D49ECC718693C8,SHA256=C7787F59263B7D5246B931531AB4DC4C430E1BF8260775B7A751D4994A5D3489,IMPHASH=689E2A5805AE9CF0919D2DDDDDC411CCtrueMicrosoft WindowsValid 734700x800000000000000083864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=5480D88484EFE8EB7EDB99E68CBCA337,SHA256=B555AD6480A30599CF27A818E470B25C9242AB80C94835EAE08B226854E630D7,IMPHASH=A7A8E1C7D8A348EDDDA81702A2FEC068trueMicrosoft WindowsValid 10341000x800000000000000083863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-089F-60EC-0B00-00000000DB01}6322952C:\Windows\system32\lsass.exe{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives Library (Wow64)Microsoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=0D7153433B25ABA6DF86FBC7FA543CBF,SHA256=C8DF43428EC79BEB384B2B2561A3D8FF98040ABBC760C35F99E1FBE2D04170BF,IMPHASH=61592743BFAEF2F12950E5420FA2AEB1trueMicrosoft WindowsValid 734700x800000000000000083860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=5E8336C79BE0C2F1080B575E434DD0E4,SHA256=FB7EB70237B5897F875CE8786C26E09F61120DB4A91376A65433EEDCFA634A11,IMPHASH=72645B79B3F36D7DD23879EC939355AEtrueMicrosoft WindowsValid 734700x800000000000000083859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=33E4F8ECEA33AC2AAB8C336A0C11AAA7,SHA256=EE44DEE528EB91D80BB3DE79DBDD7E135A51FD6EF2AF360B6DB8A3CB0C297D1B,IMPHASH=262CA12D79E6C3E8AF3B3D1DFFC16408trueMicrosoft WindowsValid 734700x800000000000000083858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\srpapi.dll10.0.14393.4350 (rs1_release.210407-2154)SRP APIs DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsrpapi.dllMD5=A2E7DB9004B5F149FEA6776FA9C7A9F3,SHA256=C62D701FF9A54CEFA5629F904470D4664A41598270A4952B7A60E542D7A87AED,IMPHASH=8F303613138642A89948D086887F818CtrueMicrosoft WindowsValid 734700x800000000000000083857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_c58df2c997bddaf8\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=9BA49461346F5B2DAFE81E401E884241,SHA256=297B46C95521B8EB59B3793F0ED2736F39C495D2C3D622638EE9205F53E69EFD,IMPHASH=3546967BD7A83D49718BE45FB48403B5trueMicrosoft WindowsValid 734700x800000000000000083856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.530{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A5DBC147158A0FFB44246C9452A1C9E1,SHA256=D7763F384F902F00980FE6A2ED0F254AF0539B66AAABFF64413B0D17606000A9,IMPHASH=CAC6B3339C5CAA083E24A4484EE86E29trueMicrosoft WindowsValid 734700x800000000000000083855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.528{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=F6B687A32ABAE8BE3B02C122B58D952F,SHA256=DF763BDC4348BBEA93375263BF88E0BCD1267C58FC0F6E994F6D778D302DDE85,IMPHASH=60EA58ED63BD25EC1709F72F112B0086trueMicrosoft WindowsValid 734700x800000000000000083854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.527{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=7BC54AA66588A3DF7B1448A4493C6663,SHA256=9CB1BA7C092164DAA14E21454606905E294D137AD72158F92A666077D7CF1946,IMPHASH=2DCB08A6E31A83C3EA33C5793EFA9A56trueMicrosoft WindowsValid 734700x800000000000000083853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.526{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=0D885953D657434CA5015545A364BDB9,SHA256=1D29921E136F84B4CA9F1EBD646CFFF4571EA805A6CC5BC1F7C7784CC3246088,IMPHASH=76F056ED62EDF4D48793D8C5EDA733ADtrueMicrosoft WindowsValid 734700x800000000000000083852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.526{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=7CAAFE27AECA4ED69CC960438C1B5757,SHA256=725B17A1DC08013337B50D4E0A6E332CC4C30F164383DF2ABBC735001C834F2C,IMPHASH=BFFFEC36C21D417AD54A3AB3D4E7EE22trueMicrosoft WindowsValid 10341000x800000000000000083851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.493{8057F119-08A1-60EC-1600-00000000DB01}12364384C:\Windows\system32\svchost.exe{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.493{8057F119-08A1-60EC-1600-00000000DB01}12361316C:\Windows\system32\svchost.exe{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.493{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=E1A1B98F2AD180FA2117A56D869E5830,SHA256=2D9711E9D549CCB441EF21F72F08FB4EACD5F2990193C6FFFC7E7AC92FA6E670,IMPHASH=1FCD5DF5B3D97346B0A828B1CFDB1ED1trueMicrosoft WindowsValid 734700x800000000000000083848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.493{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=2BDBEE1B42063F245AC86F54C236BC4E,SHA256=CD558E008DA76E171FC9B8CF87556353330D7B7BF593B5074E4FEB08BC14CFC6,IMPHASH=6FE75EB0A263DD16629B09AECE416B36trueMicrosoft WindowsValid 734700x800000000000000083847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.493{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=4BA1C50E6607AE70495B58874963B901,SHA256=72BBBB4145E058C3B12504AC0EC128CD44E282D40959D018192899276A2B9C69,IMPHASH=9F60CD6001B5CEA647B250DFF3B6F65AtrueMicrosoft WindowsValid 734700x800000000000000083846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.493{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=0FDEB9236FF287E329F2EF155BA8AE56,SHA256=5F0C2A29312C82D14B8B42D2B6AAFEB82EBAD20822B603FD162E6AAF39B06C95,IMPHASH=2D7046CEF5DEEA9D960D37CB0A98F146trueMicrosoft WindowsValid 734700x800000000000000083845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.493{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=F169BB178FFF9EF0E90CF23D07F1B57A,SHA256=1A28934762F0FB587D63FBCD755198F9E660D38F49A7C85C976EB8FF646F2B67,IMPHASH=25AC4D4B6BEA6260ADEE864A6D475575trueMicrosoft WindowsValid 734700x800000000000000083844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=203F58BA41B48A59D6A047E0233DB422,SHA256=4204F7C2B4E13AA3819A180FACA724435F6400FE97D2EF6C74634A0D7E51F7F3,IMPHASH=EA6E499F92F9040E9609EFDC47BE01FEtrueMicrosoft WindowsValid 734700x800000000000000083843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\winhttp.dll10.0.14393.4467 (rs1_release.210604-1844)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=F5FF215A5AE295644FE12BEAF6B75D00,SHA256=714EEB3B620CC9E368813728B1D247684519A3181211CDB5FCC37451F9BC2B96,IMPHASH=F90F73E985A4791F34FE3574D5616CACtrueMicrosoft WindowsValid 734700x800000000000000083842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=AF2A9437F3AED2E8254B7E1EB6E96782,SHA256=D8F3C957BDBD9DB510E71B07CDE1B446491D4DC520787548060B3AAD1324C62A,IMPHASH=5D2578ED274AAD83C30A3917C98404EEtrueMicrosoft WindowsValid 734700x800000000000000083841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=318804DFF282AE5C2FEF5577057CB913,SHA256=A65C5C3F38A793F0C59C1A4553940D6D236CE2BC3380898E865BF0E1F80FEE8C,IMPHASH=5D92B73B6930EFBC71A36B7FEF62DF62trueMicrosoft WindowsValid 734700x800000000000000083840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=CDD32AC585A458B6B2BC777FACF83BA4,SHA256=6A6D1362633319BA3E2D389A70827D0B5802C5EA9DD5CA723AEA6DBF65713426,IMPHASH=E698C8E2E06172CDB524686FF10A5C5EtrueMicrosoft WindowsValid 734700x800000000000000083839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=E9E209227AF7EFBFDAAA0B932251486D,SHA256=639DD063669F506790DA8C940E3BEBE4F7CF31668260F94CF5A67C93021D2BDF,IMPHASH=25AFDCBDCE8BEB6A7109D378495BE552trueMicrosoft WindowsValid 734700x800000000000000083838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\mshtml.dll11.00.14393.4467 (rs1_release.210604-1844)Microsoft (R) HTML ViewerInternet ExplorerMicrosoft CorporationMSHTML.DLLMD5=C6C25E7A5D01FD9147D482CD834999E4,SHA256=AB08074A7B8F0F23EF24CAF00654510E7F89F8B31E5F57A7E059ACFAB34F4C29,IMPHASH=C4387C261B588A5F35A1A681C1322E08trueMicrosoft WindowsValid 734700x800000000000000083837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=FD246A07CED3BC52C91E4CE7F149B814,SHA256=643D290491BB7D0137CAD77B3DB612D69A6EC7AFE9C411D438C3CA1769F1EECC,IMPHASH=9A9F70B5E6DDB8F96A677E91AE1F3A7DtrueMicrosoft WindowsValid 734700x800000000000000083836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=5E8336C79BE0C2F1080B575E434DD0E4,SHA256=FB7EB70237B5897F875CE8786C26E09F61120DB4A91376A65433EEDCFA634A11,IMPHASH=72645B79B3F36D7DD23879EC939355AEtrueMicrosoft WindowsValid 734700x800000000000000083835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=33E4F8ECEA33AC2AAB8C336A0C11AAA7,SHA256=EE44DEE528EB91D80BB3DE79DBDD7E135A51FD6EF2AF360B6DB8A3CB0C297D1B,IMPHASH=262CA12D79E6C3E8AF3B3D1DFFC16408trueMicrosoft WindowsValid 734700x800000000000000083834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=77D1E6B39B0A1A221E23209A8F10AE8C,SHA256=474B6C0D7F8D25F225DB55533706ED090DB77BCECB5926EBE5ED248B43748A45,IMPHASH=DB78A36AE0F862A9544AD9A5C272D7E5trueMicrosoft WindowsValid 734700x800000000000000083833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=E3851CE4A433475612CB0E1552A733E3,SHA256=F391BAA7AFF5734842737FC1B4C58856BA5E409A7B97C037995F0F26150A85FA,IMPHASH=6DF3E31673D2CCEDABFBE5A79390B72DtrueMicrosoft WindowsValid 734700x800000000000000083832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=F058FE3C5E3DEF875A654A18551D88E5,SHA256=78DC0394AA359DBD2EB8BE7F13FEDF0478C8AA55785712B358FAC1C97D051B87,IMPHASH=44F906D172B935DEA0C5D038C6FA8449trueMicrosoft WindowsValid 734700x800000000000000083831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=8E944CBA7B0993C79E9AFD7A98731F0A,SHA256=4C377F857E4ADF55949D88F4CC4A0B7A38268532284ECD1331C25F4C29E2EC71,IMPHASH=7E0E904C0FD68DBF5F794D700C0C3C3DtrueMicrosoft WindowsValid 734700x800000000000000083830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=294BC43051C27ADB96A957A6FB9448BE,SHA256=9564D3F69345F9883161007F2E26298FD377B023D1D46C0AAE9821B4B26A74B3,IMPHASH=B1175218A8304DF3BD6BF43A45EE8073trueMicrosoft WindowsValid 734700x800000000000000083829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=7B019DFD62509B244C4A11809F595C07,SHA256=2E879BBDC7C215041617FC599FCBA8C474F99E27B8333EA4DCA4854FE738F22D,IMPHASH=918DADABE6E41CFBB03F954A46D3F72EtrueMicrosoft WindowsValid 734700x800000000000000083828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=3D4308BAC53B881B16D9BD1006ABDC65,SHA256=26DF85FC22F9FCAA2212CB66612FE8F5CC6382953FE81B9C34128E43080C7891,IMPHASH=C7D6B46400E43E7BE538D1CCB512EC25trueMicrosoft WindowsValid 734700x800000000000000083827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecurity.dllMD5=580643DD40890B231399EA5F57EFAA70,SHA256=0B374B1825ABFF7B26170E75F1B638DF08A15B07660A7DF5533F02853CF266C6,IMPHASH=AC11100B3FFA7FCAFA188E618E4C7CC1trueMicrosoft WindowsValid 734700x800000000000000083826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=990CA13B9FE19A5A611F77B333BC9AAD,SHA256=EC3960CAABA4FC0287601311BDCC14D472A165DA7C43F88665D984CE1A0B7DE4,IMPHASH=EED74FF36259DAC3FFC7675209FEED89trueMicrosoft WindowsValid 734700x800000000000000083825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=3394E4EEB4851D80DD7548EC87EAEA5F,SHA256=7F670ACCE58EAADE796FEF335B4EAEAB66DFC47875219B9BE3C9B405A452450B,IMPHASH=C3B61C1F5D46A607D624033E7094E4FFtrueMicrosoft WindowsValid 734700x800000000000000083824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=F3B7F231407DD207CABC94C9347984AC,SHA256=053A1D95EEB426416278D2AD7D584FDD984A8B445CC88B46785AB8666383FB0B,IMPHASH=B5CBF1B1B5086E2C500FD84325E04D44trueMicrosoft WindowsValid 734700x800000000000000083823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A1EDD29F959E38F8AE4AF9B5CDD2B534,SHA256=CE5ECDC3BEFA2DC8C826A697EAC6CDAC12753258315701130CDEDB19D24DBC75,IMPHASH=8B861EA72FDD6FC722328B2746B13380trueMicrosoft WindowsValid 734700x800000000000000083822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=E3B7B5531159A395AC63B7EA256FE7B6,SHA256=B631E93E271E706E0204B606D7851ADF7E65FCA04ACDD73103F0754A9C01007E,IMPHASH=6E1D0A92C1917EFBFC1EEA82FA5E155FtrueMicrosoft WindowsValid 734700x800000000000000083821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=E0C87CF8838DB8C6DBD24A708FCED51B,SHA256=0616E630C7F8E116CE43390638C9CE99209556662C2BBDF5845F1CD03E1C6C4E,IMPHASH=EAF4CC449835E7A81A8EEFEBEB2E8FC7trueMicrosoft WindowsValid 734700x800000000000000083820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\wow64cpu.dll10.0.14393.3503 (rs1_release.200131-0410)AMD64 Wow64 CPU Microsoft® Windows® Operating SystemMicrosoft Corporationwow64cpu.dllMD5=C1F2078639481364EA3FDD10CBEB1A18,SHA256=B63E6DC0B3D7ABA9CB95929A1A360208A570CB2072474276F649B68F1AC8DC82,IMPHASH=15CD876FB3F6EC97A2F7466360415F86trueMicrosoft WindowsValid 734700x800000000000000083819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000083818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=E0C87CF8838DB8C6DBD24A708FCED51B,SHA256=0616E630C7F8E116CE43390638C9CE99209556662C2BBDF5845F1CD03E1C6C4E,IMPHASH=EAF4CC449835E7A81A8EEFEBEB2E8FC7trueMicrosoft WindowsValid 734700x800000000000000083816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\wow64win.dll10.0.14393.3383 (rs1_release.191125-1816)Wow64 Console and Win32 API LoggingMicrosoft® Windows® Operating SystemMicrosoft Corporationwow64lg2.dllMD5=62DEBA17D0A26B352F1C3F02144BC6EA,SHA256=5A1C08FE318942CB31048DBD641E25610DE842E34470B3E54FEDCA4E2642D4E0,IMPHASH=3045357B61B63AEF6CBCD96F2FA7E9D8trueMicrosoft WindowsValid 734700x800000000000000083814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.477{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\wow64.dll10.0.14393.3503 (rs1_release.200131-0410)Win32 Emulation on NT64Microsoft® Windows® Operating SystemMicrosoft Corporationwow64.dllMD5=447615F19DAAFF9C308370C59F493BF8,SHA256=45ED2009CEEB249BBF518B958AF02B97E667DB68C9B6D65642E69E9B0300CF5D,IMPHASH=03B9E38A9E88FDC66380837CCC8647FAtrueMicrosoft WindowsValid 734700x800000000000000083813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=57015A39A73789DC7171F4F6B211AC32,SHA256=3ED6D5A7095A141DCF234926EE0274FDA627C2829607DCE0F7604B7C683067E9,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083812Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083811Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\mshta.exe11.00.14393.2007 (rs1_release.171231-1800)Microsoft (R) HTML Application hostInternet ExplorerMicrosoft CorporationMSHTA.EXEMD5=A65AE0DB1DAA6B07C89DCC1E21D3EB42,SHA256=5B6429B98ADF532E6F694C9A6CD1A1943B4AA3D5EA524D4FB353939FD9C61342,IMPHASH=79925B1930721457F5E11BF877806843trueMicrosoft WindowsValid 10341000x800000000000000083810Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083809Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083808Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083807Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-21B7-60EC-3B07-00000000DB01}55126756C:\Windows\system32\csrss.exe{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083806Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083805Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-800A-00000000DB01}96969340C:\Windows\system32\mmc.exe{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+5fc62|C:\Windows\System32\KERNELBASE.dll+5f7f6|C:\Windows\System32\KERNEL32.DLL+608d6|C:\Temp\test.dll+1081|C:\Temp\test.dll+134f|C:\Windows\SYSTEM32\ntdll.dll+1859f|C:\Windows\SYSTEM32\ntdll.dll+71d1e|C:\Windows\SYSTEM32\ntdll.dll+71b6b|C:\Windows\SYSTEM32\ntdll.dll+2d7dd|C:\Windows\SYSTEM32\ntdll.dll+18b4d|C:\Windows\SYSTEM32\ntdll.dll+1512d|C:\Windows\SYSTEM32\ntdll.dll+11c4c|C:\Windows\System32\KERNELBASE.dll+25b2f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+a8937|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+a868b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+525ab3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+525eff|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+5289ad|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+4f2242|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+4258c9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+13e9a7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+13916f 154100x800000000000000083804Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.475{8057F119-3243-60EC-810A-00000000DB01}10012C:\Windows\SysWOW64\mshta.exe11.00.14393.2007 (rs1_release.171231-1800)Microsoft (R) HTML Application hostInternet ExplorerMicrosoft CorporationMSHTA.EXEC:\Windows\SysWOW64\mshta.exe C:\Users\Public\EVIL.htaC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3242-60EC-4D36-8B0000000000}0x8b364d3HighMD5=A65AE0DB1DAA6B07C89DCC1E21D3EB42,SHA256=5B6429B98ADF532E6F694C9A6CD1A1943B4AA3D5EA524D4FB353939FD9C61342,IMPHASH=79925B1930721457F5E11BF877806843{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exemmc gpedit.msc 734700x800000000000000083803Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\vcruntime140.dll14.28.29913.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=ADE7AAC069131F54E4294F722C17A412,SHA256=92D50F7C4055718812CD3D823AA2821D6718EB55D2AB2BAC55C2E47260C25A76,IMPHASH=44C3854843F7A3FCCDF8DDBBEA66F302trueMicrosoft CorporationValid 734700x800000000000000083802Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Temp\test.dll-----MD5=BAD072DD3BD7B46B8C7BD7D27569D9D5,SHA256=25EC6A50C36ED42C4AEC92B0DAD67F49DD39ED10C9048185AD72F2FE4816E5C8,IMPHASH=3DA185B95597422D5F87D0C5E8C33CC7false-Unavailable 734700x800000000000000083801Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\vcruntime140_clr0400.dll14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140_clr0400.dllMD5=63936588122BDEE9624D02CE3F8F54EA,SHA256=21F7E6165CE8DD92DB8CDF48CEE83DE64B2B0807B7B499CF87678B70C6F8C32F,IMPHASH=CD244BF7A749BF0B13E038D2EE842BFCtrueMicrosoft CorporationValid 734700x800000000000000083800Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\ucrtbase_clr0400.dll14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationucrtbase_clr0400.dllMD5=F8F171BE1820544E15B555847005355C,SHA256=CDDF9A2BF085AE59BA464B3BA6394AACFC342DA5F17D77FD5306054C8AABF153,IMPHASH=0524DC27AA10ADA72FFB6F88F5FD8829trueMicrosoft CorporationValid 734700x800000000000000083799Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll4.8.4380.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Common Language Runtime - WorkStationMicrosoft® .NET FrameworkMicrosoft Corporationclr.dllMD5=70694DB5ADC4C766A3572886DE86A9C8,SHA256=C81FD948E0CFF4961674B068D157DBB196328348202C1CC3BD08C1E4D1203036,IMPHASH=6851068577998FF473E5933122867348trueMicrosoft CorporationValid 734700x800000000000000083798Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll4.8.4180.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Execution EngineMicrosoft® .NET FrameworkMicrosoft Corporationmscoreei.dllMD5=899A8B655E52A061B33571D97C5C06ED,SHA256=DE05B03E37FB9BA5D74CF8FA36A6F0B15AB61705285B738BC90D14FDE580A45E,IMPHASH=005299FA213F652A596AC31760C5340BtrueMicrosoft CorporationValid 734700x800000000000000083797Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\mscoree.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft .NET Runtime Execution EngineMicrosoft® Windows® Operating SystemMicrosoft Corporationmscoree.dllMD5=5ECE402D7E12EC3750D044BF3D878DF6,SHA256=3F02B1AE7B61BC36B04EA2B82ED79F112219F4E9668518030FF14B005E2C9BBC,IMPHASH=12E8F895FFFE1065F24D148EC1ED3096trueMicrosoft WindowsValid 734700x800000000000000083796Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\MSWB7.dll10.0.14393.2791 (rs1_release.190205-1511)MSWB7 DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSWB7.dllMD5=5C7C3EBF7A50560DE37B750F3BB0F2B2,SHA256=227474B4306F6FA4F4A7EC5DAE2E91104BA6A156E31BDAD4B82D2E5426A53729,IMPHASH=A39738A99E764D3F4E439E2498C99B04trueMicrosoft WindowsValid 734700x800000000000000083795Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.462{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\AdmTmpl.dll10.0.14393.3986 (rs1_release.201002-1707)Administrative Templates ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationAdmTmpl.dllMD5=E1CF1CD067E3C0C53A0F2A1544524688,SHA256=0A1644529D587272E6FCE0257AE061F223BFB958618D76D7CC5F9EF66011803F,IMPHASH=D6275993A6AA40AF4EF7CB35C64D34A3trueMicrosoft WindowsValid 734700x800000000000000083794Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.446{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\msi.dll5.0.14393.4350Windows InstallerWindows Installer - UnicodeMicrosoft Corporationmsi.dllMD5=DEC633243BDCEAD0E3BDDDAFBC933F02,SHA256=FC9AFA9CDD6ECC1194C1532F37AF6FEE9E888DC5D2056BCE0C59538A389FC9DE,IMPHASH=702DDC1509DE604C8D612A66E9E39DACtrueMicrosoft WindowsValid 734700x800000000000000083793Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.446{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\gpprefbr.dll10.0.14393.4169 (rs1_release.210107-1130)Group Policy Preference BrowserMicrosoft® Windows® Operating SystemMicrosoft CorporationpmbrowserMD5=C6F7D269250C984166912CE18E1E7083,SHA256=CFF659257BB3B45AABBB11D5D9930FB83EF30CDB168F1DFFCD226AFEE335C258,IMPHASH=B95C208D652CA4ABD1753B600C50E7D3trueMicrosoft WindowsValid 734700x800000000000000083792Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.430{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\gppref.dll10.0.14393.4169 (rs1_release.210107-1130)Group Policy PreferenceMicrosoft® Windows® Operating SystemMicrosoft CorporationgpprefMD5=FEBB503E16009EF67E2B39B076AFAB19,SHA256=2C8B648BF4325C9E5A46DBC9075E2BD37A6E649153E7F97E42B1518B5F0B8CF0,IMPHASH=B574852D0C9D30D215A9F05463D02F7BtrueMicrosoft WindowsValid 734700x800000000000000083791Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.430{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=51A0208B106B4392AC4B3174B27A39EF,SHA256=EA9955976994C44DC091A07C69E9C863A4D5A960900019D3C4136BDFD1F885D4,IMPHASH=334E5331674424695F9872596E2677C7trueMicrosoft WindowsValid 734700x800000000000000083790Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.430{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\srpapi.dll10.0.14393.4350 (rs1_release.210407-2154)SRP APIs DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsrpapi.dllMD5=6EE744B7052F6DE1C9870F9C97FDB42F,SHA256=6FE549AAB3A751D32F4FE7A1492BE85B4FD4AD718A9561CBAB6E82B97BCFDD40,IMPHASH=8C07B81A4B319D612B954B42DF3C1D74trueMicrosoft WindowsValid 23542300x800000000000000083789Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.430{8057F119-1972-60EC-FB05-00000000DB01}4904ATTACKRANGE\AdministratorC:\Windows\system32\taskhostw.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\NVCWY13N\views[1]MD5=A726593A8261930E4786375106FC6BFE,SHA256=E6BFDFBB9A0649EA9D38DE4255C355C581097E6A1035A54943260B22AD45F172,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083788Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.430{8057F119-3243-60EC-800A-00000000DB01}9696ATTACKRANGE\AdministratorC:\Windows\system32\mmc.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\DID55GTF\views[1]MD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083787Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.427{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\wininet.dll11.00.14393.4467 (rs1_release.210604-1844)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=2155253CEE186286631247CCF3C7D138,SHA256=AA97CAF5AE292D467421116F9DB4A84008A6ED868F1ADDBE06585BF3FCCEB476,IMPHASH=B3ABC7D59C2B1ACAEECA63C53B0AAC4BtrueMicrosoft WindowsValid 734700x800000000000000083786Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.408{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\mshtml.dll11.00.14393.4467 (rs1_release.210604-1844)Microsoft (R) HTML ViewerInternet ExplorerMicrosoft CorporationMSHTML.DLLMD5=E5259F73A504669357CF435C9044FA5E,SHA256=3E84BDF133912A296FBC842A9103452F27C05785D77E145329BFB9B3F5B5A7F1,IMPHASH=CBEE0B2314A44C19D7D26951C39F11F6trueMicrosoft WindowsValid 734700x800000000000000083785Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.408{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\sxs.dll10.0.14393.4169 (rs1_release.210107-1130)Fusion 2.5Microsoft® Windows® Operating SystemMicrosoft CorporationSXS.DLLMD5=54FB18CA661D074CBB60D5A58D40C8D3,SHA256=A2BD6160222A216F8A6830C1273662F8AE88F53D2CE6DA5893FF70D146A0A2B0,IMPHASH=FED414075FF3F23F21C898B1860393B4trueMicrosoft WindowsValid 734700x800000000000000083784Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.408{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000083783Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.393{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\userenv.dll10.0.14393.3986 (rs1_release.201002-1707)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=047D26DCED07A10913C3E7C3A7502BED,SHA256=143C661F79AC6BB271452A10C2A19F6B1AAAAE43B4062B6CFF173F7D8ABC40FE,IMPHASH=C84FC60AE2A79A06E8C46A6929CDECB4trueMicrosoft WindowsValid 734700x800000000000000083782Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.393{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000083781Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.393{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\winhttp.dll10.0.14393.4467 (rs1_release.210604-1844)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=8893BE5829B2F909E7FC4AF4C43B54F9,SHA256=C1D791C72417FD001E2A5FE441717881D43428A931724E7FD2DCCE6C83699458,IMPHASH=F1FC6BF3699C289EBAF914A7771E49CDtrueMicrosoft WindowsValid 734700x800000000000000083780Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.393{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\ieframe.dll11.00.14393.4467 (rs1_release.210604-1844)Internet BrowserInternet ExplorerMicrosoft CorporationIEFRAME.DLLMD5=13F327C8FBD3F269304BB84DE36474A9,SHA256=81560FD91B1DAB5329E68F6E43F16DA7FC9E0296D16EF8F234A6AD0D4BEA62AA,IMPHASH=C88C7ABCCBE2D1CE9D711B5FBA02EA04trueMicrosoft WindowsValid 734700x800000000000000083779Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.230{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\atlthunk.dll10.0.14393.2969 (rs1_release.190503-1820)atlthunk.dllMicrosoft® Windows® Operating SystemMicrosoft Corporationatlthunk.dllMD5=BECA5E9FA540246333036919A57B7AEF,SHA256=62C24B274B38A88C83EE122CB30142C2135953C1A26582AD003512B238CB7FC9,IMPHASH=E86BAF1A171668A11110B8975A3BDE27trueMicrosoft WindowsValid 734700x800000000000000083778Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.208{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19,IMPHASH=52DACB9FFE8B422785C607A5B88982C7trueMicrosoft WindowsValid 734700x800000000000000083777Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.208{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6E,IMPHASH=9651C547656809410E78B358203C1A1DtrueMicrosoft WindowsValid 734700x800000000000000083776Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.208{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223,IMPHASH=83736A76214A92F5C1B53248D0C22863trueMicrosoft WindowsValid 734700x800000000000000083775Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.208{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2,IMPHASH=460DAE5CA92CB705C37D78BE630D6120trueMicrosoft WindowsValid 734700x800000000000000083774Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.208{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\DataExchange.dll10.0.14393.4169 (rs1_release.210107-1130)Data exchangeMicrosoft® Windows® Operating SystemMicrosoft CorporationDataExchange.dllMD5=23F499FA8F8E02A8090FB78E80617BDD,SHA256=08C2E505F3765D98379BB88DC8AD5555AB680A691054933FCA1A2CFCDFA42F51,IMPHASH=05056B92E29CCE6F97F9C6674AE080C0trueMicrosoft WindowsValid 734700x800000000000000083773Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.192{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\mlang.dll10.0.14393.4169 (rs1_release.210107-1130)Multi Language Support DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMLANG.DLLMD5=1DB944C25F1B1D7105543E61F1CC5E2F,SHA256=EBA81052B0330151F8FE0FC95AFD2203D3869D67A05AD4E5D3FA8A69B48B4046,IMPHASH=563B6F147961D943E0261E05EAD94B56trueMicrosoft WindowsValid 734700x800000000000000083772Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.192{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.2457_none_a13eaee9d8fd5c07\comctl32.dll5.82 (rs1_release_inmarket.180822-1743)Common Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMCTL32.DLLMD5=C89866876D676708892DEEA04A886CDA,SHA256=6C498F9AFFC75DFAADDACB9D1D4248862622FB2B06F0A410BA303A26FEADFF2B,IMPHASH=49FE37530A5C395ADDDAFC2730B16DDDtrueMicrosoft WindowsValid 23542300x800000000000000083771Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.192{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=810EBA726676FC4F1C588605C04AE1F4,SHA256=CAA9FDC69364ABEF71CEA859AAB65CFA85F91F64FC2DA9088026A2B3C3533720,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083770Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.192{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36,IMPHASH=FF25576501EAFD13671A6D5075C4513EtrueMicrosoft WindowsValid 734700x800000000000000083769Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.162{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\oleacc.dll7.2.14393.4169 (rs1_release.210107-1130)Active Accessibility Core ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEACC.DLLMD5=1B04659F0A22BFE9142B6AD36467ACEA,SHA256=67BC7C19D71FB98A7B5882B0F2BFC8F2E4491B4ACBE23EE545D54FFCAEC808E9,IMPHASH=427F18493D540CBF4092BD07A97BE51FtrueMicrosoft WindowsValid 734700x800000000000000083768Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.162{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750A,IMPHASH=ADB9F71ACD4F7D3CF761AB6C59A7F1E5trueMicrosoft WindowsValid 734700x800000000000000083767Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.146{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\msctf.dll10.0.14393.4225 (rs1_release.210127-1811)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=1FD254D30743876981194F7E17ECDB6F,SHA256=0CB67AC140097A888B7ED85C9A31F8967D16661B82557CE5D61FA70A85BDF8B8,IMPHASH=BC8DDE4D2412D48001350313FD2B7840trueMicrosoft WindowsValid 734700x800000000000000083766Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.146{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\polstore.dll10.0.14393.0 (rs1_release.160715-1616)Policy Storage dllMicrosoft® Windows® Operating SystemMicrosoft Corporationpolstore.dllMD5=AE6F98B3745A1EFEFBF3B7A8A3C3C53D,SHA256=C1D6274305D023AEB46EDD8981B873E53546648AE12053774C4278FB9BD1D011,IMPHASH=A0AC5A6530D0A76AD98B72F80717E27CtrueMicrosoft WindowsValid 734700x800000000000000083765Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.146{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\ipsecsnp.dll10.0.14393.4169 (rs1_release.210107-1130)IP Security Policy Management Snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationIPSECSNP.DLLMD5=787CFB5A7CBEB7125E61B59081DFF212,SHA256=553B8503559AC164359EFFD2A966DE35C50F840F5D51EBE58108B5C388AD3932,IMPHASH=809DD47539EED08BC0A26132903E0004trueMicrosoft WindowsValid 734700x800000000000000083764Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.130{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\mpr.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Multiple Provider Router DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmpr.dllMD5=0E56DB60C434D51769F2DAC48B9AA686,SHA256=3F9AED98B1B7F6A59C219F622FD91C7FD20BFE280935F5334920A02ECCAE7ED6,IMPHASH=46ADE2B067E724C7163A0B1902FEF225trueMicrosoft WindowsValid 734700x800000000000000083763Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.130{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\framedynos.dll10.0.14393.4169 (rs1_release.210107-1130)WMI SDK Provider FrameworkMicrosoft® Windows® Operating SystemMicrosoft Corporationframedyn.dllMD5=F5BCBB0713FF862975B07056D25E166E,SHA256=DBB3B6E35E0FEF5B878DE8C85AF578B51C1C2DB025865354E27394AEA87824B2,IMPHASH=AB84E6F170EE70C2F0F5C709A85E872CtrueMicrosoft WindowsValid 734700x800000000000000083762Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.130{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\authz.dll10.0.14393.1737 (rs1_release_inmarket.170914-1249)Authorization FrameworkMicrosoft® Windows® Operating SystemMicrosoft Corporationauthz.dllMD5=6BAADF6A3E985DE5AB6FDA778E18F1A5,SHA256=8FD060B0F29A1FB23C3D1F389C22EC067247F1E457F331D2B15AE44323ECB8D0,IMPHASH=720B221BA6A01692F2370B4CCC197970trueMicrosoft WindowsValid 734700x800000000000000083761Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.130{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\gpapi.dll10.0.14393.4467 (rs1_release.210604-1844)Group Policy Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationgpapi.dllMD5=96BBBC9AD606CF5EBAF525E3AB1C69A5,SHA256=32F0EA9185A6E1DE26E3276BAAB0FB5ED72940D34FE5FFDF5331D91E42794124,IMPHASH=54A7A105E11720BE50C587CF0CFA8828trueMicrosoft WindowsValid 734700x800000000000000083760Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.130{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\dsuiext.dll10.0.14393.0 (rs1_release.160715-1616)Directory Service Common UIMicrosoft® Windows® Operating SystemMicrosoft Corporationdsuiext.dllMD5=FE6052C8CCDC9570E0A6535A0DA46BD9,SHA256=4D0AC8F3C5C258DFAF8DDF07A37B94ADE58E838EED5FA610FC13E957D98E4E79,IMPHASH=D81CA2AA793C8BAFCBCE288F63313BCBtrueMicrosoft WindowsValid 734700x800000000000000083759Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.130{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\dssec.dll10.0.14393.0 (rs1_release.160715-1616)Directory Service Security UIMicrosoft® Windows® Operating SystemMicrosoft Corporationdssec.dllMD5=40D4AF43D521476F76C71CBBA609BD52,SHA256=56DE5022EC8C1CEB6203463F681E828D2D500BF066D1F3D617F5D1849FE99FFB,IMPHASH=02988505EDF42864EE719379A329CFC4trueMicrosoft WindowsValid 734700x800000000000000083758Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.130{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\gpedit.dll10.0.14393.3986 (rs1_release.201002-1707)GPEditMicrosoft® Windows® Operating SystemMicrosoft Corporationgpedit.dllMD5=2763BDA50EB812D28B97EFDE6C72A906,SHA256=1C50275E3A13A5C13DBAB322262C072CE26ED2F9276B8F572489E0914BD28C51,IMPHASH=4806C6DC2AD2917E93136CB79138A68CtrueMicrosoft WindowsValid 734700x800000000000000083757Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.130{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\scecli.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Security Configuration Editor Client EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationscecliMD5=BAA89268BE81CC61434688AD2D9640FB,SHA256=CEA9666B3CDCC33B2338B80D0DB4FFA0B12A78A5436FC311D78A4E7914F6EE87,IMPHASH=E8ADB2FA4DE364A13AACC7A2AB0A7DC7trueMicrosoft WindowsValid 734700x800000000000000083756Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.130{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBE,IMPHASH=5910ADAAC44A92AFA6ED871531949CEEtrueMicrosoft WindowsValid 734700x800000000000000083755Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.130{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\wsecedit.dll10.0.14393.4225 (rs1_release.210127-1811)Security Configuration UI ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationWSecEdit.dllMD5=09E58C11C76F18E6710E3843C25CA3DD,SHA256=DC345CB26416422921B48185086FDB1545C3655CCAACE3DB9E9C571647DD8CCF,IMPHASH=7A899B1ACB52241546FFC5E0A7779E17trueMicrosoft WindowsValid 734700x800000000000000083754Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.124{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000083753Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.124{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000083752Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.124{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\sppc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsppc.dllMD5=7CF84329545035CC0833119C7268A620,SHA256=49E3FA8B9F9ACB1A2CEDE37970361316C93286CEE7F70DE5985E7135498A4210,IMPHASH=BC4A2B9355432144727A5322381AB386trueMicrosoft WindowsValid 734700x800000000000000083751Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.124{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8,IMPHASH=B53F82B33CA6ABD6251152A46E5FF78CtrueMicrosoft WindowsValid 734700x800000000000000083750Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.123{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000083749Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.123{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\logoncli.dll10.0.14393.3808 (rs1_release.200707-2105)Net Logon Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationLOGONCLI.DLLMD5=B5C16F0A457DB3C7695AAC9EE7E3EE1E,SHA256=88764349C57E619C6D1253BB2F4AFB27DBD141E9EB9C12D445C20F7384A4F437,IMPHASH=FD7877EA3FC7D2EDCA1ADC932A5034BDtrueMicrosoft WindowsValid 734700x800000000000000083748Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.123{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000083747Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\slc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationslc.dllMD5=060E11DCB875D981E948073986E295DC,SHA256=30858EA58F24537CC3369091F92AD70C59877BDB1FDF8DEC7762A7AB72DDE885,IMPHASH=70AAA0F56F084D1AE09EB5CD51B268ECtrueMicrosoft WindowsValid 734700x800000000000000083746Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000083745Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\aclui.dll10.0.14393.2515 (rs1_release_1.180830-1044)Security Descriptor EditorMicrosoft® Windows® Operating SystemMicrosoft Corporationaclui.dllMD5=90FD7D609825CE93CC663E37DDBA1CB5,SHA256=C1F84D5A7F171C7FB4986E4E647BFB78F7E9D7DDEFDCD92EA5CAAB77AA7E11A9,IMPHASH=9939EFA70C5D79987E10B21C80592DAFtrueMicrosoft WindowsValid 734700x800000000000000083744Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5,IMPHASH=9A7C66851249D4CED6C2C9096DCA243BtrueMicrosoft WindowsValid 734700x800000000000000083743Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\ntdsapi.dll10.0.14393.0 (rs1_release.160715-1616)Active Directory Domain Services APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntdsapi.dllMD5=01AD803D409DC3C6582A9C519EB4B014,SHA256=C5A0873EC1223A67CE5980BB62F176FDF2E61BB54081CE004F479629413F27AA,IMPHASH=F054B0981CD29F6A35E7C04E22CBC1FBtrueMicrosoft WindowsValid 734700x800000000000000083742Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\imagehlp.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT Image HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationIMAGEHLP.DLLMD5=E1C665DC0FD5A7423B0C0F5325A1027F,SHA256=8B84BE9335EF640ABAA8E8BBA45C6BC77F2251359D4BCC157235CB4BC107AE69,IMPHASH=C88C4D131D277C03F0879B4E0D5679DBtrueMicrosoft WindowsValid 734700x800000000000000083741Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\dsparse.dll10.0.14393.0 (rs1_release.160715-1616)Active Directory Domain Services APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdsparse.dllMD5=E9B5EFC173FDD55C00B2F28B8BAC144B,SHA256=0CA602484CD0E2C67091FCD60091608BF746B1D05B353DB9805D1CAE0ED09D70,IMPHASH=6FD21A38F62935B130604FF29AA3AFC5trueMicrosoft WindowsValid 734700x800000000000000083740Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\wintrust.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=D8CD8451D1E194230F18866AD6EFE5E7,SHA256=9977AA1287962035C24DF806DDA67F09FFE9BDF696DBA507D749C624AE1C178D,IMPHASH=EC9695F0DF1F52E9D439A942DBDAA111trueMicrosoft WindowsValid 734700x800000000000000083739Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\cryptui.dll10.0.14393.3321 (rs1_release.191016-1811)Microsoft Trust UI ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationCRYPTUI.DLLMD5=7BA8C29986BA103E2353D405DCCB87D7,SHA256=E9FFD440B5318D65AC2A38125CC417C8F34C6344CA8D9251A8ABE74D14C518B8,IMPHASH=62620EF249FFBE3A3FFFCF86ECC0E8AFtrueMicrosoft WindowsValid 734700x800000000000000083738Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000083737Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000083736Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242,IMPHASH=B6562243FBF394F03046E917C719260FtrueMicrosoft WindowsValid 734700x800000000000000083735Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\dsrole.dll10.0.14393.0 (rs1_release.160715-1616)DS Setup Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationDSROLE.DLLMD5=2A319EC8DF0FB5C46CF311B9D2B65B1D,SHA256=62B8900EFDF4B30E54E11232A8DA95DBF066DAEFD364A66EB99ADC028A3798F7,IMPHASH=E4AC0A0BD42B7356347D6A1BE150F6A6trueMicrosoft WindowsValid 734700x800000000000000083734Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000083733Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FA,IMPHASH=5BAA515B293A764CA06512D078C4E624trueMicrosoft WindowsValid 734700x800000000000000083732Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\CertEnroll.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft® Active Directory Certificate Services Enrollment ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationCertEnrollMD5=20ADB479CDAFBDFB60D8D6E0AD7D6588,SHA256=C1C86EE623A9BCA85CE4D6AD7DA9F75C18E62DA2341219FCF45A73FD0CF5123B,IMPHASH=4DD388EAD48B428D06DBB92F58C86A13trueMicrosoft WindowsValid 734700x800000000000000083731Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\certca.dll10.0.14393.3053 (rs1_release_inmarket.190612-1836)Microsoft® Active Directory Certificate Services CAMicrosoft® Windows® Operating SystemMicrosoft CorporationCertCaMD5=8F23364460E12C9A157F88B9B4A86F2E,SHA256=51B5550668D6420C5DA988FEF83564DD9B4E911866EF4FC80748C8B219789F23,IMPHASH=2BEC012C7F0C624C5C5ADC500530215DtrueMicrosoft WindowsValid 734700x800000000000000083730Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\certmgr.dll10.0.14393.4169 (rs1_release.210107-1130)Certificates snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationCertMgr.dllMD5=3DA0529210995B257F9ED33CB14A2FC3,SHA256=A3EBA3CB56A57EFA43E9C49194F2FD41B81481F88062959BDC4DC3520416A309,IMPHASH=5657D08561EA9D97B13FA4C28661EBEEtrueMicrosoft WindowsValid 23542300x800000000000000083729Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=148F029F11BB147FAE38F7E327408942,SHA256=CDD29660F164478D5B0FABB6797BFEFD9897D7B05CE75FE3055C86E9C7FEAA2E,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083728Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\wlangpui.dll10.0.14393.4169 (rs1_release.210107-1130)Wireless Network Policy Management Snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationWLANGPUI.DLLMD5=9E33E97A0FE466076D42D13F5635A478,SHA256=AEE7A26D0D10F949228D0C7D241CAC457663902B428AD30DDE594C56AADF77F4,IMPHASH=0D879D7637744E29F6C3E75CFEBC015EtrueMicrosoft WindowsValid 734700x800000000000000083727Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.107{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\AuthFWGP.dll10.0.14393.2155 (rs1_release_1.180305-1842)Windows Firewall with Advanced Security Group Policy Editor ExtensionMicrosoft® Windows® Operating SystemMicrosoft Corporationauthfwgp.dllMD5=53317F9C457BEC2D5FF5B77DFFF77C50,SHA256=93C6ABF90D8A7E6502F85266BCCE9A27B2021ED02E0F64AFC6DA2F4591D15906,IMPHASH=92F2C0E6509696CC91467DCBAEDF933DtrueMicrosoft WindowsValid 734700x800000000000000083726Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.092{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843,IMPHASH=EAA4328F5E33714FA08C71E4AAE43CC1trueMicrosoft WindowsValid 734700x800000000000000083725Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.092{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000083724Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.092{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4,IMPHASH=B6A1A16A2B5E910045E998CD7709E966trueMicrosoft WindowsValid 734700x800000000000000083723Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.092{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\eappprxy.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft EAPHost Peer Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationeappprxy.dllMD5=8859948D74C0CE993BD9FA2D7C816A0E,SHA256=E48867AD309BFBE43E4A2F6B702EF19656E1F9E65FC9F0DF179539BAD6BF338D,IMPHASH=5E19174AE1E573CB6B03FB1013388E28trueMicrosoft WindowsValid 734700x800000000000000083722Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.092{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\onex.dll10.0.14393.4350 (rs1_release.210407-2154)IEEE 802.1X supplicant libraryMicrosoft® Windows® Operating SystemMicrosoft Corporationonex.dllMD5=B958F829E52F260087CB7209F7B99555,SHA256=1428C08B74CC2D0EF9E493187F1963E7B47898249EB158CABE908B82B771C409,IMPHASH=BCD01C70FCB0801784A8044932B1C44AtrueMicrosoft WindowsValid 734700x800000000000000083721Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.092{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\eappcfg.dll10.0.14393.4169 (rs1_release.210107-1130)Eap Peer ConfigMicrosoft® Windows® Operating SystemMicrosoft Corporationeappcfg.DLLMD5=98CEFA645EB1E49E520DE83C80756469,SHA256=5DDFB12A86D6B8C674859C3F52A3C720DB0D6C26486DFCC062D36BFFE9345473,IMPHASH=AE4E90B7ED47E5CD4A726EC6204EBECBtrueMicrosoft WindowsValid 734700x800000000000000083720Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.092{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\l2gpstore.dll10.0.14393.1480 (rs1_release.170706-2004)Policy Storage dllMicrosoft® Windows® Operating SystemMicrosoft Corporationwlstore.dllMD5=52574FAC28BB308F127E4BBC4138EBD5,SHA256=517AF989E99F6870E33DE3EEE77F94C33D74B85D9A2C2540B018B096C61C2F89,IMPHASH=81EB696902002AA26A6111B6B9EFE08CtrueMicrosoft WindowsValid 734700x800000000000000083719Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.092{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\atl.dll3.05.2284ATL Module for Windows XP (Unicode)Microsoft (R) Visual C++Microsoft CorporationATL.DLLMD5=C1B73181019C1E1F28F4161B5F198B7F,SHA256=C3678504437D23910C18D3680B05B4E819A2229BDD0E1E0567186C70D814560D,IMPHASH=5500EF6AAEED0FAA2DE0F3B65E67DE20trueMicrosoft WindowsValid 734700x800000000000000083718Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.092{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000083717Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.092{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\dot3gpui.dll10.0.14393.4169 (rs1_release.210107-1130)802.3 Network Policy Management Snap-inMicrosoft® Windows® Operating SystemMicrosoft CorporationDOT3GPUI.DLLMD5=3C8A654CE7001BF594728B1039ACC327,SHA256=E9924BC5DF7BD79D7CDD60035009265CAA7629C7CDB6E5AA120B5F327183FC3C,IMPHASH=1B83DE64ADAB18A05A2AD993260E56C0trueMicrosoft WindowsValid 734700x800000000000000083716Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.092{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\apphelp.dll10.0.14393.4350 (rs1_release.210407-2154)Application Compatibility Client LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationApphelpMD5=92330FA0551BFFBB8C1C97E86F9A0264,SHA256=0F341AF375236EBF7047F6AE50F2834566F0D859F0F02B8A5FFD7F29C31B0117,IMPHASH=BF1AF19CCBABA6D54178C43BE36CD985trueMicrosoft WindowsValid 734700x800000000000000083715Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.076{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\msxml6.dll6.30.14393.4467MSXML 6.0Microsoft XML Core ServicesMicrosoft CorporationMSXML6.dllMD5=ECF3F9FC612FED875FC8A10052F82CE3,SHA256=9A06876BCFF61CFBE46F80EC76A61E66D80D734607D9503B4162840DE2039F16,IMPHASH=A74F148CA887740D0E045C70ACC762EBtrueMicrosoft WindowsValid 734700x800000000000000083714Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.076{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\mmcndmgr.dll10.0.14393.4169 (rs1_release.210107-1130)MMC Node Manager DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmmcndmgr.dllMD5=DDDF9C3B3B4CCFAAD35BA49B0864608F,SHA256=A8EE05699A2CE04D63D078C33A397ABE8D90AE6BC5F0156230620615B13A2F8B,IMPHASH=51AD9533DC3E1E0CFCFEECD129A51944trueMicrosoft WindowsValid 734700x800000000000000083713Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.060{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2,IMPHASH=0BE8D1F061DD646F6D2B834CB7C9C900trueMicrosoft WindowsValid 734700x800000000000000083712Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.060{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBF,IMPHASH=BB80FB0B79AB68B9AA174726B09C8CE9trueMicrosoft WindowsValid 734700x800000000000000083711Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.060{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\urlmon.dll11.00.14393.4467 (rs1_release.210604-1844)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=A049DEB5236AA8711D70001353902238,SHA256=729E2332F4E65A745FC905AD5F3F17A2C034DD15BE74DBEF7D028ED712BCA1D2,IMPHASH=6654CFB1ED505987ABEF47C5C0E0D98AtrueMicrosoft WindowsValid 734700x800000000000000083710Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.060{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899,IMPHASH=9060609FCB6C4120D4517877408A4A46trueMicrosoft WindowsValid 734700x800000000000000083709Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.060{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000083708Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.060{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575,IMPHASH=CBD4A2FD581B65B4B1934DA291FA2B86trueMicrosoft WindowsValid 734700x800000000000000083707Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.060{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\windows.storage.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=741A68372CABC432883994C6EC1BCD94,SHA256=7ECE6E6CBA15A2A61787E7ED94ECF3533CC7F9FE6842ADA1A77D96656EA0128A,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 734700x800000000000000083706Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.060{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704,IMPHASH=1835EBC72F9ADB09C6FCFABC04AC9C89trueMicrosoft WindowsValid 734700x800000000000000083705Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.060{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\shell32.dll10.0.14393.4467 (rs1_release.210604-1844)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=8FCB0790BEFBC63A59A61DC3EBE46827,SHA256=68705799702251D6DCCAA59A3EA90A8C28BC57FFC3E17F36300CDAA06355491D,IMPHASH=2ED99A476E2DEFB78DF894322CB4A549trueMicrosoft WindowsValid 734700x800000000000000083704Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.060{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5,IMPHASH=C3F4A4DA2950075F09DD008B60FF567CtrueMicrosoft WindowsValid 734700x800000000000000083703Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.060{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\dui70.dll10.0.14393.4169 (rs1_release.210107-1130)Windows DirectUI EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationDUI70.DLLMD5=C3DC010AC7F5880CC7BE626566FC4130,SHA256=3ED6E9D0AF769B0BFBE94DFF4CC07A94A81271133FBB60C9EB02676C92FFB87E,IMPHASH=E76D3161885DD9D13E8514AFC7BF3853trueMicrosoft WindowsValid 734700x800000000000000083702Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002A,IMPHASH=C852E8FD14D356C81F834E318EEAD7FAtrueMicrosoft WindowsValid 734700x800000000000000083701Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430D,IMPHASH=3C09BDCE2388320645D7656AE2AC744CtrueMicrosoft WindowsValid 23542300x800000000000000083700Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE2D4C3611983F2EBE1B78F9C555534F,SHA256=633C6DD66B3CA46F25D107FCE45728C67A0CEF287C28DA6283B3A1C819B0FE4B,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000083699Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30E,IMPHASH=8F811B713271A0FEFA798FB95D523A8BtrueMicrosoft WindowsValid 734700x800000000000000083698Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000083697Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12,IMPHASH=67E6A4C8E164C0229E3FF1626F1894C6trueMicrosoft WindowsValid 734700x800000000000000083696Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\duser.dll10.0.14393.0 (rs1_release.160715-1616)Windows DirectUser EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationDUser.DLLMD5=42D5E1F8641E9DCEE0D8751F6F7A8961,SHA256=9168110EF404BF179888AF4A0F02B2817F020BFB16351778F2DDD6915C92F190,IMPHASH=9134DC493583245CFD7E3B68926C19D0trueMicrosoft WindowsValid 734700x800000000000000083695Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\odbc32.dll10.0.14393.3471 (rs1_release_1.191218-1729)ODBC Driver ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationodbc32.dllMD5=7BE20E672645485F6A3B2E34389344BA,SHA256=B6F6E06CACEE09FB6CC0ACF874477FC9094EA4C14A07FF59B228BDD23C7BF02A,IMPHASH=B6FE10FF835FBB8612CC749787B5472EtrueMicrosoft WindowsValid 734700x800000000000000083694Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CA,IMPHASH=9F3DE8492A7F075320A36332ACC9CAAFtrueMicrosoft WindowsValid 734700x800000000000000083693Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083692Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000083691Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000083690Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000083689Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000083688Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083687Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000083686Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000083685Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\mfc42u.dll6.06.8063.0MFCDLL Shared Library - Retail VersionMicrosoft (R) Visual C++Microsoft CorporationMFC42.DLLMD5=DD361EE0A665F41783E02CEA20285E61,SHA256=457BF44CC1BE99FD74983178AC34E83AEC2ED73DFEE9F9FC7F5F501AD8A6D03B,IMPHASH=5407FE666C5FCACC20F969C8CE05D993trueMicrosoft WindowsValid 734700x800000000000000083684Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\mmcbase.dll10.0.14393.4169 (rs1_release.210107-1130)MMC Base DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmmcbase.dllMD5=1C8D01FA2F46DA43580F66690E59F942,SHA256=24E48F93B6050D9DA4D1B93D07FCEA7F15AF8142BA8F4B8CFEF19FA670EB5B4E,IMPHASH=3A0957E0E673BE892DE6FEF53C3A2C7BtrueMicrosoft WindowsValid 734700x800000000000000083683Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.045{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000083682Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.029{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083681Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.029{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000083680Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.029{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000083679Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.029{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000083678Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.029{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083677Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.029{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083676Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.029{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083675Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.029{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exeC:\Windows\System32\mmc.exe10.0.14393.4169 (rs1_release.210107-1130)Microsoft Management ConsoleMicrosoft® Windows® Operating SystemMicrosoft Corporationmmc.exeMD5=495BFF5AE1B52661212BB65F1CFDA718,SHA256=A08EC9D2F811726BDCD71F7C5B40CDB543D092C11811A45180E569FE3F62124D,IMPHASH=ED5A55DAB5A02F29D6EE7E0015F91A9FtrueMicrosoft WindowsValid 10341000x800000000000000083674Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.029{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083673Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.029{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083672Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.029{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083671Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.029{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000083670Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.031{8057F119-3243-60EC-800A-00000000DB01}9696C:\Windows\System32\mmc.exe10.0.14393.4169 (rs1_release.210107-1130)Microsoft Management ConsoleMicrosoft® Windows® Operating SystemMicrosoft Corporationmmc.exemmc gpedit.mscC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3242-60EC-4D36-8B0000000000}0x8b364d3HighMD5=495BFF5AE1B52661212BB65F1CFDA718,SHA256=A08EC9D2F811726BDCD71F7C5B40CDB543D092C11811A45180E569FE3F62124D,IMPHASH=ED5A55DAB5A02F29D6EE7E0015F91A9F{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 13241300x800000000000000083669Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.localT1060,RunKeySetValue2021-07-12 12:14:59.024{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\system32\reg.exeHKU\S-1-5-21-3966725549-2172964581-1758441464-500\Environment\COR_PROFILER_PATHC:\Temp\test.dll 734700x800000000000000083668Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.023{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\System32\reg.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000083667Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.007{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\System32\reg.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000083666Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.007{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\System32\reg.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000083665Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.007{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\System32\reg.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000083664Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.007{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\System32\reg.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 10341000x800000000000000083663Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.007{8057F119-3242-60EC-7B0A-00000000DB01}96809416C:\Windows\system32\conhost.exe{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083662Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.007{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\System32\reg.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083661Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.007{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\System32\reg.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083660Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.992{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\System32\reg.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083659Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.992{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352trueMicrosoft WindowsValid 10341000x800000000000000083658Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.992{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083657Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.992{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083656Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.992{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083655Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.992{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083654Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.992{8057F119-21B7-60EC-3B07-00000000DB01}55126756C:\Windows\system32\csrss.exe{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083653Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.992{8057F119-3242-60EC-7A0A-00000000DB01}93568612C:\Windows\System32\cmd.exe{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\cmd.exe+f1e1|C:\Windows\System32\cmd.exe+11a37|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+8ad9|C:\Windows\System32\cmd.exe+6fdd|C:\Windows\System32\cmd.exe+11a9e|C:\Windows\System32\cmd.exe+cb0d|C:\Windows\System32\cmd.exe+c295|C:\Windows\System32\cmd.exe+f916|C:\Windows\System32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000083652Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:58.998{8057F119-3242-60EC-7F0A-00000000DB01}5300C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD "HKCU\Environment" /v "COR_PROFILER_PATH" /t REG_SZ /d "C:\Temp\test.dll" /fC:\Windows\system32\ATTACKRANGE\Administrator{8057F119-3242-60EC-4D36-8B0000000000}0x8b364d3HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{8057F119-3242-60EC-7A0A-00000000DB01}9356C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Temp\dot.bat" 23542300x800000000000000034158Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:00.777{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC0AACBC586FA505E911E453B7854041,SHA256=C10A05942AEFEC26FE1934E60141C7F02DAB09A420F60BFACF350710900BC49F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000083916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:14:59.365{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63544-false10.0.1.12-8000- 23542300x800000000000000083915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:00.161{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6B3C1E94A85639686BEC40C7B630BA6,SHA256=D24A6264C68F85420A9812ED860088BD2698D7FF3F140864CD5CEB3C0D81C8E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034159Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:01.793{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF25D38F75160AB868F42E8A23816BC1,SHA256=FBA9062681515FAF81E03C1FD72B4203B0D98D8BC12B11C1AC7A1873B61E3752,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000083918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:01.691{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000083917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:01.176{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA6AD2B921697754CF2DEBEFC7E6B476,SHA256=E9DB41CC92324B763B40D7BEAB19A3B1F8C8FE49EC24C8F8744948827B9CE992,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034160Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:02.808{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7828B8334DC1F9893729FA3C5EB123A,SHA256=A92DBE18D26E8E70B43F8229358EE154B52C8DFE46ED0D0C0D0EC36F37758560,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:02.190{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D19DC58DDA2675FAD1226CEFD47D87A3,SHA256=63C1482F1CA97CFB4BF2B72AD1BCB9960C8ECD89B4E566F49BCAFB78A7B9E673,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034164Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:03.840{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22D4BCEC53ECCB9B4ECB8BB4267D275A,SHA256=821BE78196A64E441EFF116ED6A4D8BAF9C05B2551922C1C9A6FDD9BF1A3969A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034163Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:03.840{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F163BD8AF089D46D4698B67C5F65174B,SHA256=C338658A4D7F42F284BE700F08806FB2D269E9CB9EF8EB787EAA96350AD06E1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:03.805{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=2F443593CFADDBBDBE55D9C0E9BDF76A,SHA256=37BE1913798D0F51F5F2E8BF587EBB495C66EA5F2D3A34FDE677B854CE363F07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:03.205{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5077CC714F26180E22674D3E763472B8,SHA256=A7A276D327E51A726D794F910DF14C224EEFB88903237AB72BE9AF2CC70C48DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034162Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:03.308{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034161Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:00.436{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51705-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000083933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.704{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=2F91F9E1584D49DB0E6075D866421C3E,SHA256=4F3479D4CB1B0AC7FDE9E35328B76BA5C934DE99F14F17DAB7E9CF9EED797728,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.704{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=A50F110C16D2B4E4E6045213D0244BF5,SHA256=51DEE45944E357DAA67A9D7E6C3A8CFE1723249D51E46C0F0579261BE4E56C05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.704{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=242AF3375BEA7BD932886C454CFA128A,SHA256=A2B704BACDF2E0A97358E1A1A32D18B5E3B8BC391E749D5A161587B18471E8D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.704{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=05F0C3B48E1B3F18DF97B61C47C3941D,SHA256=9A13E137EDFDD66D01194B228507740C3175AF05AD30BB6D15306BB34A3F79E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.704{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=97E652864F62BBF3E461852FFCFC5087,SHA256=9BC7EAF467726DA9B07428FFA3A8823C00B9DD41F9CEA9EBE71D3B2A8A5AA527,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.704{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=28EBA2DA663F1C4CFCD012C52FBE4856,SHA256=6C2558317FED5F090BA10A67038B9F4954A25CE825F9D678443F4A98C0E1113F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.704{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=2BCB87D2F47E3F22E047BE38BB702FA8,SHA256=6EABF7D6AAC8D8B9CC88994D0149E176F6AFE4CBE5FCA28A00F493C7E14FC01E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.704{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=73DB7202B06FD5AE73A7B1BCA3F47EA7,SHA256=9780BA4EF7B166DF3413CF30951E7FA4200C144A1662B4225B54C92A60ABC2F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.704{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=FBFE777C5C445678FA35597A4D91ABD5,SHA256=C09F4C9F539EECA24EC962A70130363A60325531389BBDE29D8EB8048C27DD67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.704{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5BE97E9B4BEC0C800F9C5500F544368C,SHA256=B89C02C8F1F4D4AAE3B1EF488AEF539189A59857501650B19C0ABD4DA36E5559,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.704{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5DF00128F4D2DA9B1FBFAD6CCD6FD8F7,SHA256=F7CDE91EFD9922CDCB546664F59D4C533531779F3E33E7534945EB8F7ADED49C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.223{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D2FAAE00E8B3EF413C6234D7AA235FE,SHA256=8916FB6AF00FD3F28CD8ADB4928A8EB19C37B5BE008B3BED71541FF8F71D396E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:05.241{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=431E9523FAAD1EE393928B9FC0B211A7,SHA256=E6AFB906841296220A1A81B13B11491B8215637D505FCA8662A7F9ACF2B9C88B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034166Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:02.639{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51706-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000034165Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:05.011{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10F1FBFAAB3E701AD4EF7B736E94CEB1,SHA256=91E4EE52760018DD64AE53536833F0C1477FF18FBDBAE119C2ED0267BBCEBC67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:06.256{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BDDC0893ECE0118EDFE4B6D7AA0C1DA,SHA256=875CB859C42172A6828D67177474247C53D55E68B49771C4558DAF183C33A395,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034167Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:06.011{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BADE4E0ABD2A599D8F61964C652C1A75,SHA256=9AB61E1C455AD1797B4003481EBE1E6C4AC8731108398317BF9C9163A2BFE289,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000083935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:04.383{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63545-false10.0.1.12-8000- 23542300x800000000000000083937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:07.257{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9160196D3BD67F532405975B6A4A884,SHA256=F6FC0621F83AF6A98C3B921CB116338786D8B9C47F582A1C10503AFEE72733BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034168Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:07.027{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A698400A5F2690876C4484EBBB928D65,SHA256=D7D93E982B9CDE5F418BA1EA43D4F6DB79D29D68576868A9DDE99B3F96E35FCF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034170Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:06.405{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51707-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034169Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:08.043{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=085C677363928500A23AC7897C2EE524,SHA256=26A6B8F9EDB77F3CF6FBFC803B5AFE9B9428BDF56FBF956038054DEB97EBB761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:08.258{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F562BAB2C79084F0A9C64C7374ACF4A1,SHA256=DF1B39CC1B5057DC243B8A8408A8D9737DFF756CA2180784FAA4B22D993E6E2A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000083939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:06.230{8057F119-08AE-60EC-2900-00000000DB01}2924C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-89.attackrange.local51566-false10.0.0.2ip-10-0-0-2.eu-central-1.compute.internal53domain 354300x800000000000000083938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:06.229{8057F119-08A1-60EC-1400-00000000DB01}1076C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local54316-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local53domain 23542300x800000000000000083941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:09.304{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33732B5991440AC5E90BC7FEBF012E10,SHA256=760DEE29BCDD8536C920D29DE549D547CB5D6D79D51BA2F04C5575923DB21C03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034171Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:09.058{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3B7C6ACA77AAC6135252CFEC02FF875,SHA256=E704EDE1C0AB0B0871F167ABE2B11D85D84D9D95AC535672D972B597D70C4503,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:10.323{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=177AD014812C9B6EF4B4EB88468EA72F,SHA256=2CB6BFFCA9114FD6B15CDE6CCDE869E5DBC8C070AAFAEC993F8E2DE40FD29AF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034172Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:10.074{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD31EF40715589B81718ED9A2184EF6B,SHA256=C94BB96F15453A3F412FE1C700535F0E18B823EE51A2C7EAAC6BACA5D9B554DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:11.341{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3926E701465ECE7AC0494EFB029DC15,SHA256=3F77BF6C2746895854B90D5EB54DAE05452C49CEDD10BED59184E5C7FB1E5754,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034173Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:11.105{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAD57BA0F77BA8BD6C6E72A66C720DB3,SHA256=81CDA969C1456242E02185B918B9266AC0BC4F2B1BBD540C63ED1C5EFFCF15B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034174Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:12.136{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0101C41F4AFC8D59098D0ADC6C9496E7,SHA256=6FC05F900F33E4038171F7509D5142D917A4AFA100C1262CE591CF0210925D89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:12.341{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D22B7253D7BD148741D294AFA98C6870,SHA256=444B79D551427F608F1F6979C545A743F88FE186BFFD1A999477329F88276EEB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000083944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:10.163{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63546-false10.0.1.12-8000- 354300x800000000000000034176Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:11.529{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51708-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034175Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:13.185{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1CE2D0C2529D66CEB6B1EF3DE1277AFF,SHA256=9AD951AAFBCB8703108CF215EAB74941F6373D064AECC7B5ADA6D1E272CCC6F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:13.372{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9152F810755DFD7ABA22A1BC6D0EE39D,SHA256=4CA97310172C1F55EBD53928FD395476AE0B508A501804C28575E4895D1E124F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034177Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:14.197{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA613A37F7A2D5BD9CE17F333F7C8BD9,SHA256=6AD0FA38CC1A8E75278CACC1EF1F1A697A71DAD9B040F63EC195E57A249DD797,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:14.373{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A868ABA59B032F0F2BDEF0D4A1BE93F8,SHA256=9C135CBADE607BBABA4A8C4DA39B6C9FF210BFE414DBAA5B1F79DAB9F2B5817E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:15.375{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2FD2628817C147778F182C7C5182BFC,SHA256=1743DB0F392E1BF878E262CFA8408FD3C9AAFB899F7798A1D51999C295C5E921,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034178Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:15.418{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D4159D1C774ED83F5DD76DAC18AF712,SHA256=61CED0AFC290237316B007438F27C5A166317C282682481EB9DADE9F99C1371E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034179Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:16.449{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A212D1E03B2CE57D8F3DCA2F2783CDD8,SHA256=6238184C97F9DCD448673FF49014CAA4E7AC733BBFA61D779D0A58A12564D2A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:16.405{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F6C1D523DFEE9C948D45E4686ADCB06,SHA256=D037048E6CC58BEBADF1CF6A211ABAA229690A69A9E2CA04F87F21CCB6BBC839,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034180Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:17.481{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6333A5D1B0803D484C634114D11C5C90,SHA256=628954FBF0007DAD2CEFF1997C191874B8DF2A3E7523147660F86538BFB4ADC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:17.423{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13A70FB68A92B9BEE4706CA522C10708,SHA256=2A33ADE18DF5B44739B7AB0B1AE210FCA9FCD28452B0D43E604F245D7C6047E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000083950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:15.347{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63547-false10.0.1.12-8000- 23542300x800000000000000034181Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:18.527{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6C655FC5C3F323004E5D9380B1915B0,SHA256=954CF05000D224EB9CE2F4254AB73251F101FA2E6A37C768083E49817B7BFDEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:18.441{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADC961D67F331F7B5B7A2770C657C45A,SHA256=FD6245B4CC6BAFBEE30082A7EEB755132AB9320D9D5912ACBB3B93146252F16A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034183Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:16.577{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51709-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034182Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:19.543{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FB3C132CA8DAED0AC05A36691EF5534,SHA256=89C0D1E3F36818C096C76462F5B88EA5A893C2EF16F43E559F86A7C36751647A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:19.471{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE1790351F663E8B39B13C8B6C365A18,SHA256=6FCC5DA58205789FC044FCC61530C8BB839628B798CBC80448F584B382DAC631,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034184Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:20.574{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8283B8B11A8704D069A48B395B46687F,SHA256=F7E85541D0095E396E69E345534A1B24658711761B730795F4F0FAB493EAFEEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:20.502{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=478EC72A8DC0DA92D6713090128A8628,SHA256=39CEF49C6E67A0A11E3B4C3F790048C018482D38D2CC308AD07048F2BB9067C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034185Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:21.824{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A8773D25F891DB4008894FE2D49BA64,SHA256=A034D4877CEB203290265A35D8DA572CE59EE81E277BDDFB6A777668199ED241,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:21.520{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1248602998E7C9F63FCAB826BDF33642,SHA256=644B523582CB0D9C0D4CD0EC40C7DB5337F3841068D5FC3DD1B8601F1FFE0FB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034186Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:22.887{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2DFBBDED43F125CCA364269BFD88BB2,SHA256=F4FD8EC67D66F266FE4BE0B617B2FD9200CDE0157556295E428EB16ECEBA3EC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:22.538{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0BBA015868E28571E34629D84D45F69,SHA256=A6BC604B55017C6D78BD2BE532EDF575F8C752E91E606B3FAB36BC16A2031850,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034227Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.965{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-325B-60EC-7D05-00000000DC01}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034226Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.965{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034225Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.965{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034224Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.965{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034223Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.965{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034222Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.965{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034221Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.965{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034220Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.965{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034219Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.965{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-325B-60EC-7D05-00000000DC01}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034218Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.965{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034217Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.965{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034216Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.965{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-325B-60EC-7D05-00000000DC01}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034215Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.966{50946567-325B-60EC-7D05-00000000DC01}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000034214Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.918{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43547DA82991F80DA187727B257301D5,SHA256=F18E5D1D479991CDFECDCC0B4CE1E225AAF532391529AF3620A1923B5FE35ECB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:23.553{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=916828045A22C5F473B7517D30B88CB6,SHA256=965166C24B14F91130F491ACF7FDE24E60D4E49943DEF31D46291632D91B1DDD,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000034213Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:15:23.668{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000034212Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:15:23.668{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x009bba26) 13241300x800000000000000034211Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:15:23.668{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7770f-0x353e623a) 13241300x800000000000000034210Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:15:23.668{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d77717-0x9702ca3a) 13241300x800000000000000034209Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:15:23.668{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7771f-0xf8c7323a) 13241300x800000000000000034208Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:15:23.668{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000034207Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:15:23.668{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x009bba26) 13241300x800000000000000034206Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:15:23.668{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7770f-0x353e623a) 13241300x800000000000000034205Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:15:23.668{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d77717-0x9702ca3a) 13241300x800000000000000034204Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:15:23.668{50946567-0A80-60EC-0B00-00000000DC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7771f-0xf8c7323a) 23542300x800000000000000034203Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.590{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=6778DA8297FAA3373D39CC41ABC0A87E,SHA256=F39FA54B1F07943B15BE0EFDBE8D7A49A587FFDDBBE085C870501D77A21C01B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034202Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.590{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=7BEA2FB94F66B499771BF8F9ABD8A7CC,SHA256=81AE14391AA650327C48D6D7ABCF7ABA2DD3E8F3F85242EEFF579C67F1C6D19D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034201Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.496{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=C34CFF1898AB03AD90E7561F29EB8F34,SHA256=9804A8DF6E525E3531E216511CFB47D1AB161E1111AF953BDD81527F1CCE1C4C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034200Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.465{50946567-325B-60EC-7C05-00000000DC01}2624716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034199Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.293{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-325B-60EC-7C05-00000000DC01}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034198Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.293{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034197Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.293{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034196Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.293{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034195Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.293{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034194Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.293{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034193Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.293{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034192Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.293{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034191Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.293{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034190Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.293{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034189Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.293{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-325B-60EC-7C05-00000000DC01}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034188Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.293{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-325B-60EC-7C05-00000000DC01}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034187Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:23.294{50946567-325B-60EC-7C05-00000000DC01}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000083958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:21.258{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63548-false10.0.1.12-8000- 23542300x800000000000000083957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:23.084{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=C11CAA9B9EC23FC6F7E9E15CFC60CE92,SHA256=FDB64257382A93BEADF246F1ECD7A8B63F4069DA2837EFB1CB38693480BD877F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:24.567{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29E6FB4AE64CC51AE567D26591EF96E4,SHA256=3E6FB788E26D377B23DEB31C46DDC53C12D80083C2CB1F07AE1F9AC3131A8439,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034244Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.810{50946567-325C-60EC-7E05-00000000DC01}24083596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000034243Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:22.374{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51710-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000034242Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.638{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-325C-60EC-7E05-00000000DC01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034241Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.638{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034240Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.638{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034239Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.638{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034238Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.638{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034237Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.638{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034236Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.638{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034235Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.638{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034234Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.638{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034233Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.638{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034232Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.638{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-325C-60EC-7E05-00000000DC01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034231Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.638{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-325C-60EC-7E05-00000000DC01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034230Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.639{50946567-325C-60EC-7E05-00000000DC01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000034229Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.513{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8C4253686CCF34C068EC296E45BDCD1C,SHA256=B9267FE403B3E5E355104462C46397401D25B4731C6B9A33FC2FC42129AF9CEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034228Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:24.513{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E5BEAF2B9BB9ADF81AB849C5889C606A,SHA256=A367104D40FE9A86B79A14416EBD6D8DDE4E596745D382BDA9AE374486BBE062,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:25.582{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B50807A5AE5CC30DCC914CEAA59F54C,SHA256=F04380827FE7D69BAFCCE525C994541CFE25C3A0AED93B38ACD71FCAFBED1B36,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034273Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.810{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-325D-60EC-8005-00000000DC01}3964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034272Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.810{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034271Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.810{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034270Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.810{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034269Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.810{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034268Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.810{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034267Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.810{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034266Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.810{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034265Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.810{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034264Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.810{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034263Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.810{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-325D-60EC-8005-00000000DC01}3964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034262Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.810{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-325D-60EC-8005-00000000DC01}3964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034261Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.811{50946567-325D-60EC-8005-00000000DC01}3964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000034260Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.669{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8C4253686CCF34C068EC296E45BDCD1C,SHA256=B9267FE403B3E5E355104462C46397401D25B4731C6B9A33FC2FC42129AF9CEA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034259Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.591{50946567-325D-60EC-7F05-00000000DC01}37323208C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034258Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.310{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-325D-60EC-7F05-00000000DC01}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034257Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.310{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034256Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.310{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034255Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.310{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034254Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.310{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034253Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.310{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034252Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.310{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034251Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.310{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034250Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.310{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034249Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.310{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034248Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.310{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-325D-60EC-7F05-00000000DC01}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034247Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.310{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-325D-60EC-7F05-00000000DC01}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034246Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.311{50946567-325D-60EC-7F05-00000000DC01}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000034245Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:25.013{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA70EB44BB23E9C671C34DBBA145984D,SHA256=2D709F7189D6A3E1277E3BF3B8821E3C89DEB55834596418C496078D77A3A694,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:25.351{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:26.599{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6420EB6A3510181BC3B14AD12E2A7102,SHA256=BEB776FFBB390DEB943D7B41B95A8E9D4F596FE6867A905F4A8BF44ADE1DA5A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034275Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:26.857{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B8E6540B6079BED33E71E5EAB1984203,SHA256=A41529285E0202B1E2BBEDF6579F6AA71657EF58E330D52CA1DD8391B7F90429,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034274Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:26.154{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06F218493CC25C6126ED4C83AC246EAA,SHA256=FFBD52CDC5CC8FC70187444B2779922873548FAB1DB656E8B894609030E7B73C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:27.618{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74CC6B57406CC9FCCF02341EC682DA63,SHA256=1B6D4696D3F98B8C5E53A04332EA65E95D2C18FC5D88A2455BC3089BCEBC0919,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034276Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:27.247{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC29D2EA4FF578910F64426738CE2100,SHA256=6981E8153C5F5D20DA1D99C46AB0C17330D07D9666F2F4DDB93630071552B749,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000083964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:25.477{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63549-false10.0.1.12-8089- 23542300x800000000000000083966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:28.636{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BDEE2346CE3D1063E9F3BE843E1C029,SHA256=4A32A9634F3D56CF4928184712B88545D9210DC4BC3D03077FF58B084E5DD94E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000034304Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3260-60EC-8205-00000000DC01}336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034303Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034302Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034301Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034300Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034299Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034298Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034297Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034296Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034295Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034294Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-3260-60EC-8205-00000000DC01}336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034293Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3260-60EC-8205-00000000DC01}336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034292Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.951{50946567-3260-60EC-8205-00000000DC01}336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x800000000000000034291Microsoft-Windows-Sysmon/Operationalwin-host-439-SetValue2021-07-12 12:15:28.669{50946567-0A81-60EC-1500-00000000DC01}1032C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d77717-0x9a42292a) 10341000x800000000000000034290Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-3260-60EC-8105-00000000DC01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034289Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034288Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034287Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034286Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034285Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034284Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034283Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034282Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034281Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000034280Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-3260-60EC-8105-00000000DC01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000034279Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-3260-60EC-8105-00000000DC01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000034278Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.279{50946567-3260-60EC-8105-00000000DC01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000034277Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:28.247{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=606BFCDCC59ABAFCD14940B54F9B99F3,SHA256=2087F718127E08C176398615C085770F20CD9FA9A3FC5D671BDB591300834244,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:29.651{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51ABC1E8B1831CBF5F6D2D4566FB4220,SHA256=A51C1325BDE742FC23D718EE5D38DFE72B238E1F27083E128103F6D1DC993114,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034307Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:29.576{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4191F196B4745F86A9CC114ADA71EF0B,SHA256=9996022C3BCABD60760551078BB4A0BC1AFF284CFB425392961C08B05167DCB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034306Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:29.576{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=35CF38E99656EF4639CD6177EA2CD8F6,SHA256=EA81012E08725FFC9A5DEB8B89EAEB8A68EDAED75A25CAF9C8DEAAD9240AA7EB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000083967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:27.277{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63550-false10.0.1.12-8000- 10341000x800000000000000034305Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:29.123{50946567-3260-60EC-8205-00000000DC01}3362348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000083969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:30.665{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5F27DB2CC5CB4DBB65E3671C8145704,SHA256=2B3501025FBA6ED5A9D41DA9786C7781D67DDB590193573C9C562CF44E81302F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034309Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:30.592{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AEBCC581138D706B4A227421E8BE7AE,SHA256=52B6B708B63D59FB2625F6C0C1949D79675F29CABE5370EBD2DD09C207BC4219,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034308Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:27.500{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51711-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034310Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:31.607{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E945E747BA41695EE85BE764C1C5B056,SHA256=34FEB2944D6355D8DFDE528E0F298958A5C489427245A8D23022C088943D2D7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:31.695{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86AF76C68A45775F93CF2604782075CF,SHA256=59ABD8BEE6869774F12907DB704BD88915E6C5C238806C6461130CAF0D98577D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034311Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:32.686{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7476ECC2741F3EC990E5887FD5D36C0,SHA256=6FFFC4D204F231BAA04F673EDC673C6F497559091520466BC25EF2D52BDEDE56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:32.714{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0346B0AD3F7EA56CB014C020DD794B97,SHA256=8C46684EF9C9EF69342217797FD25557EAF5BB8916E47C0F66338196B45A4E2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034312Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:33.936{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57B2DF04840D697ED26E1649A9185E13,SHA256=067E8D31D7FE5141F85879912AC71298E26C9DD3D923DA067F7832F6DA69ADB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:33.731{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22447F6F9ADCD8BD3AEF03187ADE7D80,SHA256=212E72B70342AEADEA7DA37603751A59C24CF9E8CDE7164D2DCE8877007426E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034313Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:34.947{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E915FB2BBE9172C44E3E8974C4D09E4A,SHA256=0A110D6D17492F77932CD0B718EB4A67C1340E64EF45E2B4EA934BEA671C4F4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:34.732{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BD3A3C8E09A61A3E8B1BE12D414A7CC,SHA256=E4F89DBD3D7E8CAC92F88745642D5F7794DC731D308264CB0BE63FE353E909EB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000083973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:33.304{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63551-false10.0.1.12-8000- 23542300x800000000000000083975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:35.747{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9D29E67F8AF1C0D10F0F278F3783A3E,SHA256=C315D49E61377A92FA08C0761A7878335D585A7E580D1B14C7ED7BFA43C5284E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034314Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:35.947{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C01EF1610089DEFE5F2B4CB07A854B59,SHA256=DEAD0EF26D8A6DCC2989B3DE667E783E70258E6359F20E6AC6355FB1283F4168,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:36.762{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38594D1F0969B10CB4430B9536F7F45A,SHA256=644CF3015E2A2BA7EAFFC4AE96A8CB52878800D6F5215C1B6238637C25CFD076,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034316Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:36.963{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04CB7C497FE8463FCCB6FF6AD5C1CDA5,SHA256=342002309430E965798E2A94EDDAFE18365FB15FBE3BB5E139D1F3907911F3DC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034315Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:33.433{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51712-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034317Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:37.979{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63219331276923E8A191C5821A088F88,SHA256=4773EB79F900B1D3976513532B3ED8705A388ED8A9E60D73C581DDBA7801C6E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:37.763{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF573FC9A4699EF0747B19C701B9195B,SHA256=65247C854F851FB6E20D17B1A7C68F3FA3A4EB7EA530A82E23E4C30E85417E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:38.763{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78BD31CFB9C12D0B62CDAA08445A3658,SHA256=55FD01FD3C1A5F138C85E1F4757B5C40EF33069F9BBF305ACEC048B141ED2D5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:39.767{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9434921BB68BCD364ABC1244FADDB053,SHA256=A1765070BBA1C1AACB087B234CE5E9526359C8552EA3034923B9192D1657C999,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034318Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:39.197{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C8B92664AC5D1CAD22640982C95AA71,SHA256=BDA5EAA867793E258840F2FB00F3D3D9934C2B406EF6F22C2E94A91645259A38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:40.782{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE2838509D93A67E4FA80A40C1E3BFAD,SHA256=BEA520202FF113B9728F15D7C25D90A6F12198002FFF5F858FE75005A6708C62,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034320Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:38.511{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51713-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034319Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:40.197{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=718390CF4A4EF88279C071DC567B0326,SHA256=47B6FA378621CD5BD6FE5816FDDED17BED61A42C573A7C4253FA0A8FEFF70DD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:41.784{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95A72859A8EE57E24BB6E9BA3E2DD3EE,SHA256=35C08CDF7CAB8AFA87AA16EAF19F4E79E2B057BF49251E8016ADF8FFDC9C255C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034321Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:41.432{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13CB309FB3C0854D6DAC678938BFFCD8,SHA256=889469E10217A3B3DBF5FED8917C8E3FBD6A4920F069CD83739F710FB152E8FA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000083981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:39.235{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63552-false10.0.1.12-8000- 23542300x800000000000000034322Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:42.666{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3829F5FBEEC4C47C138166190993015F,SHA256=F4AD2F01C21979AAD5A46E6D8158E870E0386AA9630EB4EF6E2898F181D41268,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:42.799{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20992862461354254CD7FC319CB90E4C,SHA256=D3D69D2A2C5C026CA3C69159ECDB3AD4AB8287EC72812EBBD7F5FC1FCD0BC874,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:43.816{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0F2557033492F4A892B771B42F07110,SHA256=8923D1C8DE5C6D9DC2E23E35113DCC924FB8E64B9C9B82C18187ECC614105A9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034323Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:43.885{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=691F829B135FD688C6D176A00CFA8F9F,SHA256=E6A65604E133526E36B9C17439B1D0F9D2F4E7E40EBA151CE51A49584F07F78A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034324Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:44.900{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9629E545A15A29A4BDDA62B3EB2C3172,SHA256=B82A37EF2C4D9314C050F0EA1F47057CFC23DC984C29A71C22D588A6327C486E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:44.835{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=670CDB0660BFC90330A20F7BDEB41637,SHA256=03FAFFE4B78F7FD40A6845F2D976256B7DDA465913344D517B1DD2E634DF2D7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034325Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:45.916{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9D56A15BD51EAD46AD45E4F907A5B24,SHA256=C5985C1A666C9CE1DE51737E2EBE7D3EB5E190EAD753691AE2A8FBF44A3A4BD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000083987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:45.850{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6D11BBC9E8AE81617B35C1B3716121A,SHA256=0B5604659474D27143F45745135FA36100F1EB6722CE98108F7B4F43E530A332,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000083986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:44.255{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63553-false10.0.1.12-8000- 10341000x800000000000000084095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.965{8057F119-3272-60EC-830A-00000000DB01}49447372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000084094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.965{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000084093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.965{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000084092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.965{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=405991DBAB9319F7EC9653D4535CF90A,SHA256=84A22B669EB534BD048382376E4C63115884B7EC8C2038223E3D6E6CCB2B06EC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034326Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:44.527{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51714-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000084091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.748{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDE4BD7D6FFCAB04F8572D6DD15E08FC,SHA256=8FEEE4D050348A51676A44FD3B71910C8CE6AED0A17FD2D757CDF6435E26357A,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000084090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.733{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000084089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.733{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000084088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.733{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000084087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.733{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000084086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.733{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000084085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.733{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000084084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.733{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000084083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.733{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000084082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.733{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000084081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000084080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000084079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000084078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000084077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000084076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000084075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000084074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000084073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000084072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000084071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000084070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000084069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000084068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000084067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000084066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000084065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000084064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000084063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000084062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000084061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000084060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000084059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000084058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000084057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000084056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000084054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000084053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000084052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000084051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000084049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000084044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.717{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000084043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.718{8057F119-3272-60EC-830A-00000000DB01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000084042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.384{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000084041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.383{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000084040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.382{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000084039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.081{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000084038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.081{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000084037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.081{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000084036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.081{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000084035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.081{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000084034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.081{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000084033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.081{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000084032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.081{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000084031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.065{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000084030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.065{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000084029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.065{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000084028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.065{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000084027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.065{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000084026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.065{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000084025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.065{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000084024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000084023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000084022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000084021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000084020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000084019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000084018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000084017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000084016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000084015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000084014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000084013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000084012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000084011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000084009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000084008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000084007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000084006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000084005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000084004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000084003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000084002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000084001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000084000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000083999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000083998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000083997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000083996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000083995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000083994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000083990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000083989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.050{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000083988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:46.051{8057F119-3272-60EC-820A-00000000DB01}7232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000034327Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:47.135{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C6D1835B46C5A64B828C32917D11828,SHA256=487DEEE2C63B373048F6EA4FBCEC2EE135090A3C6BA1A6806BE05C0B707B821C,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000084148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.602{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000084147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.602{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000084146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.602{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000084145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.417{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000084144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.417{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000084143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000084142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000084141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000084140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000084139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000084138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000084137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000084136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000084135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000084134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000084133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000084132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000084131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000084130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000084129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000084128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000084126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000084125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000084124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000084123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000084122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000084121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000084120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000084119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000084118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000084117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000084116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000084115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000084114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000084113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000084112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000084111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000084110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000084109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000084108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.401{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000084107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.400{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000084106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.400{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.400{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000084104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.399{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.399{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.399{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.399{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.399{8057F119-089E-60EC-0500-00000000DB01}412428C:\Windows\system32\csrss.exe{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000084099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.398{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000084098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.397{8057F119-3273-60EC-840A-00000000DB01}8612C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000084097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.064{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=282148DF62EE56817A3C1372A736AF6D,SHA256=20CA6FAC27A2D5E839AFC8D982CBFB70F47C07F3416FCA26A8801DDD7176032E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:47.064{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6F87EF6511182D9A4AC10759AB7C0046,SHA256=F5250ADA5207BF8D0DF69E4CD0976021926DFAAE4EE0980407F90DB47D0EBDCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:48.433{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=282148DF62EE56817A3C1372A736AF6D,SHA256=20CA6FAC27A2D5E839AFC8D982CBFB70F47C07F3416FCA26A8801DDD7176032E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:48.217{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DD4B69A94EA87788A16AD3D119C7AC8,SHA256=12F275053B56C70EABCBAAD85CB93469F9F92FD5421710225FBBFAD75621887C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034328Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:48.150{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F495311E13C46E12F0731689CDEDC3D,SHA256=11A795FCAFE1008760CE515B405A4F2D7B7442A70B7B6B3AD749159C50BDC1FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034329Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:49.166{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAEF4CA283A58A199B46E6E4983EDFFF,SHA256=67414E0C518BA67B4109BFD791BF3B637461E66DA726A519AB4324659ABA745C,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000084250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.980{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000084249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.980{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000084248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.980{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000084247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.980{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000084246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.980{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000084245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.980{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000084244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.964{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000084243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.964{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000084242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.964{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000084241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.964{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000084240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.964{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000084239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000084238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000084237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000084236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000084234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000084233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000084232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000084231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000084230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000084229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000084228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000084227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000084226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000084225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000084224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000084223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000084222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000084221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000084220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000084219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000084218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000084217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000084216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000084215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000084214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000084213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000084212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000084211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000084209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000084208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.948{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000084203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.949{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000084202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.502{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000084201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.502{8057F119-3275-60EC-850A-00000000DB01}916410068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000084200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.502{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000084199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.502{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000084198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.302{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000084197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.302{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000084196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.302{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000084195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.302{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000084194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.302{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000084193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.302{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000084192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.302{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000084191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.302{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000084190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000084189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000084188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000084187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000084186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000084185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000084184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000084183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000084181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000084180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000084179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000084178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000084177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000084176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000084175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000084174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000084173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000084172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000084171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000084170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000084169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000084168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000084167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000084166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000084165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000084164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 10341000x800000000000000084163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000084162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000084161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000084160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000084158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000084153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.280{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000084152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.281{8057F119-3275-60EC-850A-00000000DB01}9164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000084151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.217{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1458D9DE731566BA9C9E5A2DC1CEDD19,SHA256=D168238C87262C69768B212318420B11F0E72EDA8784B24F3FBE99BB9250FD12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034330Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:50.214{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C233F0FB6D1AD1A08BD1A5FF42832887,SHA256=E7DEC18C7A2795C43B691F87CD886CED57F2DD2731C61DF5DF2286612E1C8FBB,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000084308Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.778{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000084307Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.777{8057F119-3276-60EC-870A-00000000DB01}46847796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000084306Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.777{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000084305Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.776{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000084304Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.480{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000084303Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.480{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000084302Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.480{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000084301Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.480{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000084300Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.480{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000084299Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.480{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000084298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.480{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000084297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.480{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000084296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000084295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000084294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000084293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000084292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000084291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000084290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000084289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000084287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000084286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000084285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000084284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000084283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000084282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000084281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000084280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000084279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000084278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000084277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000084276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000084275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000084274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000084273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000084272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000084271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000084270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000084269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000084268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000084267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000084266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000084264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000084259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.465{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000084258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.466{8057F119-3276-60EC-870A-00000000DB01}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000084257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.433{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=849F7CD65E1D2C88E7CF1B194508680A,SHA256=1A0DE61935851AF135512E1D150A4274EA90C0FEF83B953307E76C92F2360C4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.433{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8D774AC838F03BEA0736921F507D0B74,SHA256=69F539A25782FB3DCFEC617E8D62061C9993035FEBB38205511D092A130B961E,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000084255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.181{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000084254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.181{8057F119-3275-60EC-860A-00000000DB01}83369956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000084253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.165{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000084252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.165{8057F119-3275-60EC-860A-00000000DB01}8336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000084251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.065{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C183DB8E112A4EF32578D8AD3549A09,SHA256=F77EE55429FA0C670FFB314692A0B1C17C29BA656B99B3E875F08E845D497CBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034331Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:51.447{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41D4EFEC88B2BF98E33C1A9C2722FB51,SHA256=380C1AAF15892DCC022E47F78B80788E0159F46B3FB258F7D0D90CB54F5FCDF4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000084313Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:50.275{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63555-false10.0.1.12-8000- 354300x800000000000000084312Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.974{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63554-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000084311Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:49.974{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63554-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 23542300x800000000000000084310Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:51.525{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=472D6AC0D137965FFD3E6F4CAD7C2387,SHA256=E4AC8DF97F6816E6D5D840FCF7E7E3DF1FCDE5B6AA85AE4420DAFB0D9C27E789,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084309Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:51.525{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F06EFF2DC869BA0F0345EE595A2A030B,SHA256=BD2B226FAFF5F208A0ADAB2C8F4171A177A27440F6066D6AE21E9CAC365162B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084314Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:52.525{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C89A27FD4FFDA834E8C80DA13E25D5F,SHA256=BD41902611F4FCFA0281291CA141B40773508310A95E1DBA7CBEF8992B435FED,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034333Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:50.433{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51715-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034332Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:52.604{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E74152774DC443811F53CEA991F20D12,SHA256=586CFD61851C00BB1C5B3F92235EBF712C7FE6C4497E8BC869CD9A9BD0CD0158,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084366Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.755{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91BFF20F062D325EB65996F5FFE930D2,SHA256=72625155D2359470772584869F135A9195A80F62D5840C3B7A2249E9319989CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034334Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:53.619{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=931899AD7B58FF2CF5F7280FC8A43F6D,SHA256=481519EDD718D88551E3E6A900E00CC9386423D641D8F6F226CDA345BDC1A08B,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000084365Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.440{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000084364Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.440{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000084363Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.424{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000084362Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.209{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000084361Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.209{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000084360Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.209{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000084359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.209{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000084358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.209{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000084357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.209{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000084356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.209{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000084355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000084354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000084353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000084352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000084351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000084350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000084349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000084348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000084347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000084346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000084345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000084344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000084343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000084342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000084341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000084340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000084339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000084338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000084337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000084336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000084335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000084334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000084333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000084332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000084331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000084330Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000084329Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000084328Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084327Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000084326Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000084325Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.193{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000084324Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.192{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000084323Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.192{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000084322Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.192{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000084321Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.191{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084320Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.191{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084319Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.191{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084318Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.190{8057F119-08A1-60EC-0C00-00000000DB01}8405560C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000084317Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.190{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000084316Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.190{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000084315Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:53.188{8057F119-3279-60EC-880A-00000000DB01}9204C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000084368Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:54.770{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08FA30FAF283938D501FE2A41DB4266A,SHA256=65FC06102550897A3C72FA656A1ED17E020CE3C3C79B9CB9BFF4D8BF47F03263,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034335Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:54.623{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F9B086AC13A1A3A8600B27E319AA4F5,SHA256=9ECA1B3D7817E407E54CA9D78C90A41E13A9DF3BAA5A2076680DB1FA67DB8EFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084367Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:54.209{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2AAF0240CD07F53DAEAF94EAF0A6DD3A,SHA256=066D16FA4A33AE13A893E580CCD485BC94FE3CB421F9808C58066290D4AEC810,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084369Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:55.787{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=549E07C53CC9CBF5FAD5CBAA94F0A2DD,SHA256=B8EA25A8EE290EF1AFC47A27060E6AC03E4710BE03C6A0304A7199FE4AC260F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034336Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:55.639{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23A71F7B978162CA8691C98CF09AC552,SHA256=87579B19868A4954AAC41C04AD8316EA58220725C679369703A0842C5439B41B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084370Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:56.806{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D08928377DF9E576883E9FC8265610D2,SHA256=3DF5DBE20107ACBAA098358DF55AEFE5354204BE65B147AA38E73BEA81A45157,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034337Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:56.654{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE5E124847E0DAA000280481A38FC3D8,SHA256=61136FE323D180A1200E7AF38EA2B71C2615ED26118E79A427B0DA2F6447C66C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084371Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:57.820{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3624DD55DA2A519D715E7BAF60545EC,SHA256=9BDB59658D8CC19799C7B6EA53E20539B1E4EAD181C99591B8BE273A9ACAE6C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034338Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:57.670{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB2CD7C9EC954257CDECAB5BB3A18AF4,SHA256=D7B14BBE5D6F9DAF47C23523E0AC109E37E5DB1E0009AFB486DC12C10189EB7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084373Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:58.835{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A51A54BE79E94EB52FD4CC2AEDC812D,SHA256=FE2CE27582A4A4D57033AF560C67FF5C23AA079B8B14D42516237B19CAFC612F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034340Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:58.686{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0063DA1242B5A0C12F93A0F90B7E6A63,SHA256=C0135E0AD44A1EB2AC2055502889F0A723942E8BC46FEDD7806A629714D4EE32,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000084372Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:56.229{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63556-false10.0.1.12-8000- 354300x800000000000000034339Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:55.468{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51716-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000084374Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:15:59.849{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF75AF93C6C83DED35BE18FC80634199,SHA256=44BAA8A5752BBB3258B1F5F49865F25D7B187743DB493D6356B94984A3215212,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034341Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:15:59.717{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFFD4B7CB8A287766A3A0306DCB53A2E,SHA256=4703015D9724D45EFD26C35C572660CB06CBDFDB92B2AB760C2921B8113A2DB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084375Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:00.864{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18B448472EB28A07D4F8367EAC831B21,SHA256=3CDCCDB482B0F639D95B82DA71AFFAEAE855797E97FEC977F8BFF19663AAF251,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034342Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:00.733{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DA05A4B873DA0B065FF36F441C071C0,SHA256=A86570AE3322E1DA4B9F964DC4C33A2D1804838391AE80B8B6AD156C5E4DE274,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034343Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:01.951{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D4631D99E1C69FD41FC09786302425E,SHA256=52D24B538A88EB3A79B14AFEF6D02957CF30B08F035C6F17787F4759A5829E26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084376Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:01.881{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20009E6053D83F1882E1AD8FEB60CF24,SHA256=B7874772651A2C863A5B3CCE2F8940D35215E64B14679E4ACB0D9FE35551E5FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084377Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:02.899{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13CFB1443F5E701EDDEDD042FF8FAA2F,SHA256=52D003B7E1D11010BB3C05EF59948902DDD52BD7E39C505D74A27AF9F315FD55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084378Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:03.914{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=021C507B2744EB281929F0252F3FC6A7,SHA256=53BDDC0EED370E4CF8047BE86F389EF6D9217EB3E532AED1A654A011F70BDBBF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034346Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:00.578{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51717-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034345Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:03.326{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034344Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:03.186{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D05E858B1BE3B4616BCB8FDE4CAE58DE,SHA256=A2D86BE138171E3D07E23243A2E90008C538B5649957F4D371406E7BDB50BCE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084380Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:04.914{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C0CA656D550AEB6FA3F0C774C6E2C66,SHA256=950C119AC683E8FC2D5E115FF14223CE494AE5AA729176EC77AD5F1BA4430ABA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034348Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:02.656{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51718-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000034347Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:04.420{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23E339845994C2F2BF6483D2EB9E0F66,SHA256=080770C03B2D7F34BE6673B2EE7AB84D16B9DF32E1EDB0541B9CD220941D29D4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000084379Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:02.172{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63557-false10.0.1.12-8000- 23542300x800000000000000084381Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:05.928{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5A3E8D6B7E32C0AA09379676204CC1C,SHA256=BF156756692EACC6FFD65F914F2871A52ED71F7CC0B0F660E41D808F72B92B17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034349Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:05.654{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22165DECEE2E1B9AE8F8109744ED1DF2,SHA256=AECA2476D42B7B9AE1F5AB720D47B7FABE4FDD163BE2742D3B473FBF44CBF391,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084382Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:06.958{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6F3CD38463554F629CA2465DF949E09,SHA256=4DAD59D7E8563BD2E66C19C8764B197E46B3EB015E6E4825DEA77D962F6E84A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034350Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:06.686{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EFA759F41EA38402A4C7F05773FF42E,SHA256=66E45B3660D57474244C5ADE70EA4FFF0B28EDD25DE9B30BB172EE591E3BB7E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084383Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:07.976{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE16C652E6357207653912CD6DFC2691,SHA256=2C4BC22EA97EC0355532A4E62552E761F625C07D98DC591B36BDD65B1C5878DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034351Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:07.795{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E8A0A464A9D5D8CAB9FA169D0D9B267,SHA256=50285766F7FCC02E3D5BA25DE59488B92DF0234B07339BEC2FA74D3B5AE981DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034352Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:08.811{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13DC84724F4F1CD4DEFE23A28952A20E,SHA256=7282C348F91472ECB90B326FA72C562678A49977A5587467CE5D94CB28F8BBCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084384Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:08.996{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B1F66A278A1415BC262284C82711B1F,SHA256=3E554FAD4F2C9FF5C93AC2763AE14C05972EBEF32393A5FFF7C7623F25998311,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034354Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:06.437{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51719-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034353Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:09.826{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F19FDEF34D344883DEDD86B10A6A6F52,SHA256=BE4B428E946A7C46F69E4D7DE1B086464E5D85660D219FC332017CA1661D2DD2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000084385Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:07.184{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63558-false10.0.1.12-8000- 23542300x800000000000000034355Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:10.826{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=744A13182054B655C416B094F354D4ED,SHA256=636052CA43407D7F18006608B19D5347450D8C61BC4B9348D507D7209D49E162,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000084387Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:10.297{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-0C00-00000000DB01}840C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000084386Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:09.997{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A542E976FD2A32045A712B840AD42F3,SHA256=69FCAB2A6457B593A91B68C6A9AB72D01490E5C540992F275E3E842850AE7F81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034356Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:11.842{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A15C8F3781C7DBF199438A5B32CDB1F,SHA256=119B99802F84A8C33BEEDC7CBBD96AF7EB59469AD7AF55D95EA79EB1F5F9C74F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084388Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:11.013{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0EA2FFA22DCA443A112010C578A9A69,SHA256=1B39A85774EFFE99194D2999B5B3B958959ED8EEFB947EF228941F09DECAE2B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034357Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:12.857{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4948F99EE93AA668C5687FD072C22F1,SHA256=F20FDDB22457A43294FDCC215E61A019BAB5BD636740F7BBF12E9BDA7600ABC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084389Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:12.028{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CE0D79DA1BD0A85E9649FD8B5BD8070,SHA256=23F5226C6A6F6CA75E6C33C53B31ABD05927E3C3C6363C3B5635238D24DEF7E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034358Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:13.873{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF20DED1CDE90EFC4A713B6168022901,SHA256=DFECACBF34E30E093B7FA36E25B120AE6AD663F7C64C152C8DF00D5FC8BEF9B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084390Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:13.028{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C22C41F43FFC879E92672E81F36EBFB8,SHA256=2BC3D1B4104CD3D49D6E17126250AF5F00334897C6C092D0790C6FD161529835,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034360Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:14.879{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0247F62A35774954D58E1FE049E9A0F,SHA256=D3029F68E4790D1A01F45A297398B713D6AB335C438B370EC5925BBE092071CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000084392Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:12.370{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63559-false10.0.1.12-8000- 23542300x800000000000000084391Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:14.033{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D22724A55E8B6D8935F606E8A20F8DE2,SHA256=4517BB9DDB8941EAE697602BA0893545B25BB5E32B08C1B83628DC7B774ED749,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000034359Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:11.499{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51720-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000034361Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:15.881{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA614F43D0C4AE315CE0421B46DD0A9E,SHA256=7C97B99CBAFF02315106EE6FFACD1AC684B429FE2764BDCE5C62C3F3945C1D10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084393Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:15.043{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC5E30E8E4D0C85892579D50895B886E,SHA256=1396FEC13577F5FB9BB27AE55D4A48A22A1C632C64182966368F5974498B9BFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000034362Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:16:16.881{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5F1EB6F4D73A1EA00CDA62D503AB80C,SHA256=3B3E878AD53776D0D592CAE75CD7CD264F31E6E55EFFE51BED2AEC83730757BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084394Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:16.057{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7232126A7125EE05725143E955B2C38,SHA256=C5FBA9E6DC15638B8340348AB70EE5AC59B5B9015C9485E4F8ED3662119A3705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000084395Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:16:17.058{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F337DB32D87F164997BF4760A9843D7B,SHA256=3C48B78826DBFBACE292B2772663D98DD4BDAC0060E06B4B37C562B3207D345B,IMPHASH=00000000000000000000000000000000falsetrue